[arin-ppml] The non-deployment of IPv6

Lee Howard spiffnolee at yahoo.com
Mon Dec 14 20:53:26 EST 2009


Am I the only one who remembers when email clients let you respond in-line, 
preserving context?  Not just you--none of my mailers do it either.


> > "Why is it less expensive to buy a big NAT box to translate nearly all of your traffic than to migrate to IPv6?"

> Lee, simply having Legal IDENTIFY (let alone find a way to mitigate) all the 
> contractual and compliance issues that might be involved with such a switch 
> would likely exceed the cost of a NAT box significantly....and that's only one 
> small factor involved in making such a switch.

Legal issues with NAT:
* If you get a subpeona for records related to an IP address, can you figure 
  out what device used that IP address?  
* Can the legal requestor provide all of the data required to identify a host?
  (IP address, timestamp, port number)
* The request was based on a server log someplace.  Is its timestamp 
  accurate?  Is yours?
* Does that server log include port numbers?
* How long do you have to retain logs, and what kind of logging server do 
  you need?

What are the legal issues related to IPv6?

> > "Vendors may not come to your rescue."
> This is entirely possible. However, there will be a large cash incentive for 
> them to do so. Furthermore, it may not be MY rescue that they need to come 
> to. Who is likely to be more negatively impacted by such a situation... the 1-5% 
> of internet users who MAY initially be on IPv6 only....or the 95+% of the 
> existing IPv4 internet that can communicate with itself just fine???

Are you sure that none of that 1-5% is important to you?
It will increase over time, as nearly 200 million devices per year [1] are
added, and as people dual-stack so they can reach all of the Internet.

> Believe it or not....I'm alot more aware of the IPv6 situation then the 
> average Enterprise Admin..... and I expect my attitude is not at all atypical.  
> If there aren't some fairly robust solutions available by the time IPv6 hits.... 
> then the problem is going to be alot more wide-reaching then you may think.

Yes, I believe it.  The problem is not going to be more wide-reaching
than I think.  I think we will have a fragmented Internet, where you just
can't get from some places to others.   Several bad things follow from that.

> > "In most cases, IPv6 is simpler and cheaper than the alternatives."
> This statement is impossible even as a generalization as the costs and 
> impacts of IPv6 and it's ramifications vary wildly from Enterprise to 
> Enterprise. Without understanding the specifics of each individual 
> situation and the possible alternatives it is simply not possible to make 
> such statements accurately.

"most" is accurate.   

> IETF like many institutions (including ARIN) is subject to institutional 
> biases....just mention NAT66 on an IETF mailing list and you'll see 
> what I mean. Heck, I've gotten enough grief for mentioning NAT here 
> on this list....despite the fact that many Administrators find it a valuable tool.

Drafts:  http://tools.ietf.org/html/draft-mrw-behave-nat66-02.txt 
Mailing List:  https://www.ietf.org/mailman/listinfo/nat66 
Responsible AD: Ralph Droms 


> Obviously when the time comes when it is necessary to start researching 
> a solution (I'm assuming for the 2011, 2012 or 2013 budget cycles 
> depending on how depletion goes)....if adequate solutions do not exist....
> then it's time to start considering other options and costs. Right now 
> switching to IPv6 native is pretty far down on the list of options (possibly 
> even below not having connectivity to the IPv6 only portion of the internet initially).

When is "when the time comes"?   Is it when IANA runs out, or when ARIN
refused your address space request, or when your ISP can only give you 
IPv6 for your new branch office, or when your users, customers, employees
or clients can't reach your servers?  
My point is that now is the time to write your plan, so you know what it 
will be.  If you do so, the odds are high that a gradual dual-stacking of
public-facing systems will mean you can wrap IPv6 into planned upgrades,
and won't have to buy a NAT box and hurriedly put together a whole edge
plan.

> > This is all still cheaper than just learning and using IPv6??
> Off the top of my head...by many orders of magnitude, yes. I find that 
> taking a gradual approach and layering services on top of existing 
> infrastructure to address specific needs is generally more cost effective 
> then wholesale replacement of entire infrastructure. 

That's exactly what I'm advocating.  You probably don't need to replace
any hardware for IPv6 (you may want to replace something for other
reasons, and include IPv6 in your replacement decision).

> There are likely quite a few plans in the works at vendors which 
> have not been made public yet. 

Probably.  But not much about IPv6 is secret.  And if it is, they're
doing it wrong.

> > "to an O/S issued in 2007 or later, which by end of 2011 is pretty 
> > minimal; would you even allow something older on your network? "
> LOL.... you really aren't that familiar with Enterprises are you??  

Silly question.  Yes, I know quite a bit about the enterprise networks
on which I consulted, and on the enterprise network I ran until a year
ago.  They're aware of IPv6, and making sure their procurement 
includes IPv6 support (in some cases allowing for a 2010 roadmap,
but not for infrastructure).  

> I'm writing this from my Win2K Pro box right now. 

Your argument is that in 2011, you will buy an appliance to translate
Internet traffic for your 11 year old operating system?

> It's really not 
> THAT uncommon for an Enterprise to have some hw/sw that is 10 
> years old or more. 

The point was about VPN clients, which would be home machines.
Surely you're not sending your users home with Win2K on laptops?
People VPN from whatever laptop you provide them, or from their
home machine [shudder].  Your VPN server isn't ten years old?

> Right now XP is the standard on the Enterprise....it remains to be 
> seen whether Windows 7 will pickup that mantle or not....and 
> certainly there will be plenty of XP around in the Enterprise by the 
> end of 2011. MS's life-cycle support for it extends out to 2014 or 
> so I understand.

XP is also the standard in the home, with almost 70% share.  But
Vista and 7 are 22% and rising fast.
http://marketshare.hitslink.com/os-market-share.aspx?qprid=11


> IPv6 is a huge cost for near ZERO gain from my perspective 
> (other then addressing IPv4 runout). It's undoubted that we'll need 
> connectivity to IPv6 address space at some-point. 

That's pretty compelling.  If you have to do it anyway, are you sure
it's cheaper to do it later than sooner?   
I'm trying to see your point, but I don't understand what costs 
you're talking about.
It sounds like your plan is to wait until you have a lack of 
connectivity to something you need (so one of your users is upset), 
then quickly buy a translator to fix them problem.  But since you 
have to use IPv6 into your data center (colo, server room, whatever) 
to get the magic box to work, and you have to run IPv6 eventually 
anyway, why not skip the magic box and plan the migration?


Lee

[1] http://www.nro.net/documents/presentations/jointstats-sept09.pdf


      
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.arin.net/pipermail/arin-ppml/attachments/20091214/2df5d966/attachment.htm>


More information about the ARIN-PPML mailing list