RIPE out of IPv4

Doug Barton dougb at dougbarton.us
Thu Nov 28 04:03:52 UTC 2019


On 11/26/19 12:13 AM, Sabri Berisha wrote:
> ----- On Nov 26, 2019, at 1:36 AM, Doug Barton dougb at dougbarton.us wrote:
> 
>> I get that some people still don't like it, but the answer is IPv6. Or,
>> folks can keep playing NAT games, etc. But one wonders at what point
>> rolling out IPv6 costs less than all the fun you get with [CG]NAT.
> 
> When the MBAs start realizing the risk of not deploying it.
> 
> I have some inside knowledge about the IPv6 efforts of a large eyeball network. 

For what it's worth, I have extensive experience in both eyeball and 
content networks.

> In that particular case, the cost of deploying IPv6 internally is not simply configuring it on the network gear;

We're rehashing old ground here. Perhaps you weren't on the list the 
last N times this has come up. My short answer: I didn't say it would be 
easy, I said it is less expensive than the alternatives over time.

> that has already been done. The cost of fully supporting IPv6 includes (but is probably not limited to):
> 
> - Support for deploying IPv6 across more than 20 different teams;

I don't understand how you're using "teams" here. For the most part you 
turn it on, and end-user systems pick up the RA and do the right thing. 
If you want something fancier, you can do that with DHCP, static 
addressing, etc. In other words, this works the exact same way that IPv4 
does.

> - Modifying old (ancient) internal code;

What code? IPv4 isn't going away on the inside, so what needs to be 
modified? If you're talking monitoring software, etc., if you're still 
using software that doesn't understand IPv6, you're way overdue for an 
upgrade already.

> - Modifying old (ancient) database structures (think 16 character fields for IP addresses);

Either see above, or much more likely you'd be adding a field, not 
modifying the existing one.

> - Upgrading/replacing load balancers and other legacy crap that only support IPv4 (yeah, they still exist);

If we're talking about an enterprise that is seriously still using stuff 
this old, it's more likely than not that IPv6 is the least of their 
worries. And I'm not being flippant or disrespectful here. For at least 
the last 10 years or so, and definitely in the last 5, all of the 
enterprise level network gear sold has had support for IPv6. So again, 
way overdue for an update, but if this is all you have available, then 
you likely have bigger fish to fry. (And feel free to save the 
obligatory, "My favorite network widget that I use in my 100% 
enterprise-class network does not support IPv6." Yes, I realize that 
there are exceptions, but they are the exceptions, not the rule.)

> - Modifying the countless home-grown tools that automate firewalls etc;

Yes, this is actually a legitimate point.

> - Auditing the PCI infrastructure to ensure it is still compliant after deploying IPv6;

Also legit, where it applies, although you also have the option of not 
deploying on the network with the PCI data. For internal-only things, 
it's great to have IPv6, and will become increasingly important as time 
goes on, but it's not required.

> Execs have bonus targets. IPv6 is not yet important enough to become part of that bonus target: there is no ROI at this point. 

That depends heavily on what enterprise you're talking about.

The point I'm trying to make is that there IS an ROI here. For content 
providers it's the ability to create a stable network architecture 
across all of your sites, and connect directly to the many eyeballs that 
are already on IPv6 (cell networks, many ISPs, etc.). There is also the 
much harder to define ROI for future-proofing the network, but that's 
part of the master class.  :)

For eyeball networks the same stable network architecture argument 
applies. The immediate ROI is harder to define, but similar, in the 
sense that connecting directly to the many content networks that have 
already deployed IPv6 and future-proofing are both relevant.

Much harder for the eyeball networks to quantify are the savings related 
to NOT having to do [CG]NAT, etc. To create that slide you need an exec 
who truly understands the (rising over time) costs of twiddling around 
with the NATs, as well as the realistic costs involved in rolling out 
IPv6 balanced by the long term support. Then you also need an executive 
team and board that can understand those slides when they see them.

But it's not all in vain. I'm on Spectrum here at home, and I have 
native IPv6 that "just worked" from the moment I plugged my router into 
my cable modem.

So there are a non-trivial number of both eyeball and content networks 
that already get it. The value proposition obviously does exist, we just 
need more people in the right places with the right knowledge and 
experience to make it happen.

Doug





More information about the NANOG mailing list