[ppml] PIv6 for legacy holders (/w RSA + efficient use)

Mon Jul 30 11:10:57 EDT 2007

> -- Firewall -- Yes, I could build my own with linux and 
> freely available software.  We did that with IPv4 10 years 
> ago.  Today, I would prefer to purchase an off-the-shelf model.

A few minutes with Google found this quote from VARBusiness magazine.

   Because IPv6-supported firewalls are now widely available, 
   agencies likely won't run into trouble finding the right 
   equipment. Cisco, Check Point Software Technologies and other 
   major vendors now offer IPv6 firewall solutions. IPv6-enabled 
   firewalls can also be configured using open-source Linux and 
   Berkeley Software Distribution, or BSD, operating systems.

I suggest that you need to either contact Juniper/Cisco/Checkpoint with
your requirements or find a consulting firm that will install and
support an off-the-shelf IPv6 firewall for you.

> -- Software support -- Many operating systems have some level 
> of IPv6 support in them.  But what about data-access 
> protocols such as ODBC, JDBC, and OCI?  I can't test these 
> until I have an IPv6 network in place.

You've just made the business case for setting up an IPv6 test
environment today. If your test environment shows that IPv4 is essential
for DB communication, then it will also allow you to trial workarounds
such as IPv4 over IPv6 tunnels, or an application layer gateway. The
IPv6 purists will curse you for implementing such things but in most
organizations the goal is to make it work, reduce risk, keep costs under
control, and deliver value to the customer.

> If IPv6 is going to be adopted, there has to be a critical 
> mass of network devices and software that supports it.
> 
> That critical mass has to include both high-end and medium to 
> low-end routers & firewalls.  I'm only going to purchase a 
> couple of US$ 5,000 devices, so we need a lot of 
> organizations like mine to drive vendors to build US$ 5,000 
> level devices.
> 
> To do this, we need a lot of organizations that say "Hey, we now have
> IPv6 addresses, we need equipment and software that use them."

The accepted tool for doing this is the RFP process. Write a good
Request For Proposals and circulate it to the vendors who you think may
be able to deliver. Make sure that you do some research so that it does
get in the hands of smaller IPv6 specialists as well as the well-known
IPv4 companies. Since you are running the process, make sure that all
vendors receive a list of the companies who received the RFP, run a Q&A
session with the complete Q&A minutes distributed to all vendors.

This type of RFP process a) lets vendors know there is demand for IPv6
support, b) lets vendors know who is a player in the IPv6 space and c)
gives vendors a view of the kinds of questions that should be asked to
fully understand the situation for the product installation.

All of this generates buzz, wakes up product development teams, leads to
acquisitions and generally gets IPv6 products on the market faster.

--Michael Dillon