[ppml] IPv4 wind-down
tedm at ipinc.net
Thu Mar 22 15:55:31 EDT 2007
>From: ppml-bounces at arin.net [mailto:ppml-bounces at arin.net]On Behalf Of
>Sent: Thursday, March 22, 2007 8:56 AM
>To: ppml at arin.net
>Subject: Re: [ppml] IPv4 wind-down
>I see a lot of people discussing what each person thinks the rest of the
>world should do. How about some discussion about what we each ARE doing
>so we can provide some ideas and pro-active community.
We have had a strategy of encouraging customers to use NAT ever since 1999;
as a result our total IP address need has not changed, since we have been
able to answer our own growth needs for more numbers for more customers
by taking away larger blocks (/24s and the like) from customers that
we originally had assigned to them. Raising the price to very high levels
for larger block allocations coupled with free technical assistance in
helping customers to renumber works wonders. We have a number of customers
for example that use Class-B private IP addresses internally with many
/24s in use who only have 6 external public IP addresses.
If more organizations did that I do not think we would be so near IPv4
And I am sure now the booing and hissing from the peanut gallery will
start at the mention of the N-word. Fine, go F*() yourselves.
>I know that I
>could use some knowledge and help tuning my strategy. Please feel free
>to refer me to a more appropriate venue if this is out of scope for this
>area. I offer this in the spirit of community, and I would greatly
>appreciate hearing about your individual actual progress toward IPv6.
We are still running all IPv4. The thing that has actually concerned
me in recent years is the proliferation of these low-cost edge node
routers. We used to do things like buy used Cisco routers off Ebay
and sell them to customers at cost, just to make sure they used a
router that there was some chance of updating. But today, when you can
buy a product like the Linksys RV042 for under $150 that will do all
the firewalling the customer could want as well as support ipsec vpns
as stable as a PIX, we have thrown in the towel on that deal.
Another thing that is a concern is the tendency to do NAT in the DSL
modems. Time was that both Qwest and Verizon (the DSL carriers we
provision through) handed out bridged-only modems. Today you can't
buy a new DSL modem from either of them that is bridged only, they all
have NATs in them that are on by default, and do not speak IPv6.
We do not do PPPoE so fortunately we are not utterly dependent on the
client speaking it, but I do not relish the thought of having to
spend time walking hundreds of customers through the steps to reset
their NAT dsl modems into bridged-only mode then have them go to the
store and buy IPv6 ethernet-to-ethernet firewalls, or even more
frightening, connecting their Windows Vista systems directly into the
public number network. And that is just the retail end users and
small business customers. Among our large business customers the
thought is even more scary. For example we have one that has a VPN
concentrator with 60 lan2lan IPSec vpn's terminated into it from
points scattered around the US. And at each of these points is an
incredibly unsophisticated local contact that knows nothing about
anything, and these sites have all gotten their Internet connectivity
from the lowest bidder ISP in their region, there's at least a dozen
different ones. And this company contracted us to set this up, about
4 years ago, and have been adding nodes ever since.
>In what seems like it should have been the first step, but is more
>appropriately a later step, I have been granted an IPv6 allocation.
>This will allow us to actually experiment and start constructing our
>IPv6 network. My goal is to have it in place and working well before my
>customers get vocal about demanding it. Plus I won't be scrambling at
>the last minute.
Unless a "killer app" comes along your customers will never demand it.
>I know this doesn't sound like a lot of accomplishment, but I know you
>all are working under the same constraints I am (under-staffed and under
>budgeted at least as regards R&D) and day-to-day business must take
My feeling is that as long as the customers have 1 single device that
isn't IPv6 compliant, they are going to scream and piss and moan if we
ever demand them to switch over, and
for customers that everything is compliant, they are going to demand
that we reconfigure their connectivity for free.