[ppml] Soliciting comments: IPv4 to IPv6 fast migration

JORDI PALET MARTINEZ jordi.palet at consulintel.es
Wed Jul 25 22:57:02 EDT 2007 

Hi Keith,

This is a very good example of the typical set of issues that have easy
solutions ;-), at least in a temporary phase, so you can start testing IPv6
w/o any major investment.

We are talking about transition and co-existence, not migration. Starting
from that point, all make much more sense. See below in-line.

Regards,
Jordi




> De: "Keith W. Hare" <Keith at jcc.com>
> Responder a: <ppml-bounces at arin.net>
> Fecha: Wed, 25 Jul 2007 22:36:14 -0400
> Para: ARIN Address Policy <ppml at arin.net>
> Asunto: Re: [ppml] Soliciting comments: IPv4 to IPv6 fast migration
> 
> 
> It is not at all clear to me whether or not this proposal will speed
> adoption of IPv6.
> 
> I see a several impediments to adopting IPv6:
> 
> 1. Current ARIN policies favor Provider Agregatable (PA) address
> allocations rather than Provider Independent allocations (PI).  Since
> IPv6 discourages NAT, this suggests that I get an IPv6 address

Doesn't discourages. It is no longer needed, because NAT was created as an
earlier and quick solution for the lack of IPv4 addresses. Then we started
using it for many other things that was not designed for (such as avoiding
renumbering using PA, hiding networks, false security, etc.).

> assignment from an ISP and number all internal resources using the ISP's
> IPv6 addresses.  Then, If I decide to switch ISPs, I have to renumber
> everything and rewrite all firewall rules.  Why would I adopt a protocol
> that tied me to an ISP?

You can also obtain IPv6 PI if this is problem for your case.

> 
> 2.  I have lots of devices on the internal network that may not (or
> maybe they do, I dunno) support IPv6, the temperature monitor and the
> UPS, for example.  These types of devices are going to slow the move to
> IPv6 in the internal network.

Not an issue, as it is a transition and co-existence, so we keep using
DUAL-STACK. Those devices still can keep using IPv4. In fact my strong
recommendation is to keep using dual-stack in the LAN, typically you keep
using private addresses for IPv4. If any of those devices need to be
addressed from outside of you LAN, you use same techniques as today (NAT/PAT
translations, VPNs, etc.), or if you want to use them from IPv6 "only"
networks, then you will use some kind of portproxy or similar, to allow an
incoming IPv6 connection to your network to be forwarded to that IPv4 device
in the LAN.

> 
> 3.  My firewalls do not currently support IPv6 and the firewall vendor
> has not announced when IPv6 will be supported.

It is a bad vendor ;-) No, seriously, you can still setup a linux or your
preferred low-cost alternative box with iptables6.

> 
> 4.  I *think* my T1 router supports IPv6, but maybe on the next version
> of the software.  It's difficult to find the documentation.

You can use the same box (a PC) to be used as the IPv6 firewall as the IPv6
router for your network an tunnel IPv6 to outside.

> 
> 5.  I don't know if my upstream ISP supports IPv6 yet.  Their web site
> does not say.  I asked my sales contact that question several weeks ago,
> but between various summer vacations, I haven't gotten an answer yet.

If your ISP doesn't support IPv6, make sure to ask for it, but meanwhile,
you can use alternative IPv6 transit providers, most of them even free.

> 
> 6. Do the software products I use support IPv6 yet?

Difficult to say w/o a list, but even if it is not the case, as you run
dual-stack, there is no immediate need for that ! And if needed, portproxy
is your friend.

> 
> There is a large amount of inertia here. With what I know at the moment,
> I don't see how we can completely convert the internal network to IPv6
> for at least five years, and maybe longer.

I guess much before 5 years you will have many other reasons to replace
hardware and apps if you still want to get rid of IPv4 completely at that
time.

> 
> Keith
> 
> 
> 
> 
> 
> 
> 
> 
> _______________________________________________
> This message sent to you through the ARIN Public Policy Mailing List
> (PPML at arin.net).
> Manage your mailing list subscription at:
> http://lists.arin.net/mailman/listinfo/ppml

More information about the ARIN-PPML mailing list