[arin-ppml] The non-deployment of IPv6 - The Economic Factor

Wed Dec 9 20:02:12 EST 2009

John,

I must agree with your assertion that we have risks not yet considered in
the systems space.  

I wear dual hats and so besides running a regional ISP/Data Center, I spun
off a software company a few years back to focus on a task management and
workflow application that we had originally built for in-house use.  

We have a particularly savvy and very high-end customer on that task
management software (http://www.JobTraQ.com if anyone cares).  They seem NOT
to be feeling the pinch lately at all.  And thus, because unlike much of the
world they have extensive free capital and human resources to play with
right now, they are already running IPV6 dual stack in their test and
staging environments, in some of their training labs, and on a careful few
of the developer and business analyst's stations from where same access
their test and staging system.  They can turn IPv6 off if they find anything
wrong and need to press on, but it has effectively helped them alert their
vendors (like us) ahead of some non-desirable moment of crisis.  We only had
two minor issues, but we were completely blindsided by them both.  One issue
was that we couldn't handle the longer string in a place where we audited
and then stored successful (and unsuccessful) logins along with remote users
IP address.  The other issue was in a security report for displaying the
same data back to the system administrator.  The things is, it is pretty
hard to log in if you are trying to save a big old IPv6 address into a field
with space for only 15 characters as part of that process (since that is
where the web server goes cross-eyed and begins looking for the corner in a
round room).  

Anyway, as a result of this, we have decided to deploy IPv6 on a limited
scale in the same dual stack modus so that we don't have to experience that
red faced feeling again.

With that said, I would like to briefly pontificate on a related topic and
set it up by first quoting myself:  "... And thus, because unlike much of
the world they have extensive free capital and human resources to play with
right now,,..."

This (*The Economic Factor*) should not be underestimated as one of the more
significant root causes of IPv6's purported "non-deployment" as discussed
recently on this list.  Were this 1999, with dot com crazed investors
drooling out large blobs of cash on demand, then Cisco (and I guess Juniper
too) would have already had six record quarters as every network tech
unpacked his new toys and enabled IPv6 just so he could say that he had on
his resume, etc.  Same applies at the "of course we do" well funded backbone
providers.  

See here it is:  One thing that will almost always vault the lowly
ROI-calculating-tactician into the irrefutable and overarching command
position above the normally elevated strategist is this... a limited budget.
"Sounds good, but not today.  We don't have the money."  Conversation over.

I am so NOT a big government person, that this is almost astounding for me
to say, but this may be one of those situations where government's aid is
actually needed.  Unless some entity is able to push down the cost of
deployment by mandating it upon themselves (fear shudders through me
britches as I ponder the risks of saying this, and then finding they mandate
it for me - must be a hypocrite).  In this economy, and without a large
scale reference case complete with interoperability studies, etc. there is a
daunting chasm that the capitalists and entrepreneurs are just not ready to
cross yet in order to get to IPv6.  Their capes are still tattered from the
current and hopefully waning battles against the dark forces of
commoditization, economic slumber, and comfort in the current state of "so
who is out of gas [IPv4}?  My car [ISP] is still moving".

Make sense?

I think we have an economic problem here.  How many software vendors are
going to get blindsided because they don't have a customer like we did to
test ahead of us?  How many ISP's will slide under the edge of the universe
when the IPv4 run out crushes them for resources they don't have?  Will they
turn to the banks to help them capitalize the switchover costs?  Where is
the ROI?  Are we doing this so that we can access new revenues, (which is
bankable) or isn't this really just a tad more like the Y2K thing?  Spend,
spend, spend, stop, do we survive?  Whew, then now we can go back to work
right?

I don't have an easy answer to all of this, but thought it should be raised.
We may as a group need to start asking for some help, or figuring out how to
at least get a working group up and running that leads vendors rushing in
hoping to be the first to get the stamp of approval (and thus the ROI of
being first to announce "ready for IPv6 Interop", or "certified by X", etc).
Without a powerful economic incentive (sponsor, reference case, marketing
advantage, etc.) being provided in advance we are assuring the likelihood of
a painful transition - not at the time of our own choosing.

I don't mean to suggest that vendors can't do IPv6 today.  I am suggesting
that they can't do it well yet, and that as a result nobody wants to be
first if there is nobody really waiting to reward them for success. 

I also kind of agree with the "why didn't we just add some octets to IPv4"
statement, because the greatest capital spend is not on gear, it is on the
daunting task of becoming organizationally competent at something so very
different than the last rev.  At the end, we are all bright and capable,
it's really a resource question.  Can we afford to do this? Critical mass
has to be generated and all of the incentives will arrive, but the core
question is how can we create these incentives BEFORE the run-out, and in
this economy?

</pontification>

Best,
~Vaughn

-----Original Message-----
From: arin-ppml-bounces at arin.net [mailto:arin-ppml-bounces at arin.net] On
Behalf Of John Curran
Sent: Wednesday, December 09, 2009 6:43 PM
To: Chris Engel
Cc: arin-ppml at arin.net
Subject: Re: [arin-ppml] The non-deployment of IPv6

On Dec 9, 2009, at 4:48 PM, Chris Engel wrote:
> 
> Well,
> 
> If the time estimates I've seen put forward here are accurate....and I see
no reason to assume they wouldn't be.... then it'll be 2-3 years minimum
before we see anyone out there that can ONLY do IPv6.

I agree that looks like a lot of time, but there's quite a few assumptions
in such an estimate and it could move up very quickly.  Additionally, there
will be an increasing number of clients which will attempt to connect via
IPv6 *first*, so you actually are impacting your performance if you don't do
IPv6 soon.

> In that time frame I'd be looking for the same sort of solution for public
facing servers in the DMZ as I would for the rest of my network....namely
some sort of v4 to v6 gateway service that would act as a proxy for my 4
machines and allow them to communicate with IPv6 hosts.

Does your present firewall device support IPv6 NAT today?   In discussion
this situation with other organizations, I'm generally finding that routers,
firewalls, and load-balancers aren't what are not what breaks, but instead
their tools such as help-desk system and configuration generators which
simply don't know IPv6.  Finding these issues is a great reason to
experiment with at least one public facing IPv6 server sooner rather than
later.

/John
_______________________________________________
PPML
You are receiving this message because you are subscribed to
the ARIN Public Policy Mailing List (ARIN-PPML at arin.net).
Unsubscribe or manage your mailing list subscription at:
http://lists.arin.net/mailman/listinfo/arin-ppml
Please contact info at arin.net if you experience any issues.