[ppml] IPv6 getting real: was Policy Proposal: IPv4 TransferPolicy Proposal

[Kevin Oberman]

> Date: Thu, 14 Feb 2008 14:49:10 -0000
> From: <michael.dillon at bt.com>
> Sender: ppml-bounces at arin.net
> 
> 
> > As I stated earlier, the biggest drawback up here in the 
> > boonies is that none of my upstream providers are offering 
> > IPv6.  The day after I have
> > IPv6 upstream available I will be routing, in some shape or fashion.
> 
> This is a widely held position which suggests that IPv6 will
> mainly be deployed from the network core outwards to the edges.
> This means that the largest ISPs and other core service providers
> have to be first. When I say "core service providers" I mean things
> like DNS providers (finally IPv6 glue records are appearing in root
> nameservers) and RIRs like ARIN. 
> 
> I don't consider ARIN conference attendees to be core service
> providers which is why I consider the shutting down of IPv4
> service to be little more than a stunt. ARIN plays the role of
> ISP during a conference and it is ARIN which should be adapting
> their services not the attendees. If ARIN cannot offer an Internet
> service that just plain works, regardless of whether a laptop has
> IPv4 or IPv6 or both configured, then who can? Where will we learn
> to provide such a service? The only thing that comes from this
> stunt, other than some disruption of the meeting, is that a few
> people will get their laptops configured to run with both IPv4
> and IPv6, but this does NOTHING to further the work that needs
> to be done.
> 
> Of course today the answer probably is that nobody can. But if we
> don't begin to make the effort, however imperfect, we will not 
> get through this transition without a lot of pain. 
> 
> In the early days of the Internet, a lot of things did not work 
> properly. But people repeatedly came together at meetings like
> Interop to try and make things work, take notes on problem areas,
> and go back home to fix what was broken. Eventually, this paid off.
> IPv6 is no different and will not just fall from the sky, fully
> formed and perfect, wrapped up in a nice turquoise box with a 
> vendor's label on the side.

Sorry to be so late into this discussion. The flu has put me a bit
behind.

Like Randy and a VERY few others, I have been involved in engineering a
production quality native IPv6 for some time.

Unlike the commercial world, the research and educational networks of
the world mostly provide full IPv6 capability. Some of us have been
providing production IPv6 for over half a decade.

The fact that IPv6 is available to most users at many major universities
in the US, Canada, and Europe should mean a fair amount of
traffic. After all, it's in the core. You would think college students
would be trading MP3s or movies or something. (I've heard many rumors
that they have been known to do so over IPv4.)

Is there traffic? Not that I have seen. Is there demand? Not that I have
seen. Is there interest? At least a bit more than I typically see in
the commercial Internet, but not a whole lot.

Every major router vendor offers "full" IPv6 support. It's just that the
definition of "full" is a bit fuzzy. It often is synonymous with
"half-baked".

IPv6 often lacks many features we take for granted in IPv4. Want to see
how many IPv4 bytes are accepted from a peer? No problem. I simple SNMP
query and you have the data. But for IPv6 on at least two major router
vendors, no way. I can only count packets with no way to guess the
average packet size or byte count.

Is this "full" support? I guess.

Lots of management and security gear claims IPv6 capabilities, but it's
often more of a check-box things that was never really debugged or made
remotely practical. A product that can process IPv4 traffic at 4 Mpps
might only process IPv6 at 400 Kpps. This works fine today because of
the lack of IPv6 traffic. You may not be too happy if we start getting
"real" IPv6 loads. (And there are some significant exceptions.)

How do you feel about not having fully functional security and management
tools? You think the bad guys don't know what IPv6 is?

How well vetted is the security of the IPv6 code in anything? Leaves me
VERY nervous. I have every confidence that there are a bunch of ugly,
gaping security holes in IPv6 code that are just waiting for the bad
guys to find them.

And my final point, the DFZ is huge and continuing to grow at a steady
pace that threatens to outstrip hardware capacity. I should remind yo
that IPv6 addresses are 4 times as long and they will take more space in
the FIB than IPv4 addresses (2-4 times, oddly). If services all start to
move to dual stack, what happens to the FIB? hardware is near capacity,
so lets tripple the TCAM requirement. Sounds good to me.

Would people stop thinking the the "simple" adoption of IPv6 is going to
fix everything all by itself?  It is likely to break a LOT of stuff in
the process. In a business this is often NOT considered a way to
succeed. (I'm resisting the obvious Microsoft comment.)

The world will not end. The Internet will not die, but it may not be a
lot of fun, either. It sure won't be easy.
-- 
R. Kevin Oberman, Network Engineer
Energy Sciences Network (ESnet)
Ernest O. Lawrence Berkeley National Laboratory (Berkeley Lab)
E-mail: oberman at es.net			Phone: +1 510 486-8634
Key fingerprint:059B 2DDF 031C 9BA3 14A4  EADA 927D EBB3 987B 3751
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 224 bytes
Desc: not available
URL: <https://lists.arin.net/pipermail/arin-ppml/attachments/20080215/a67ccf1a/attachment.sig>