[arin-ppml] Is this more desired than a Transfer Policy? Need input

Ted Mittelstaedt tedm at ipinc.net
Tue Nov 18 20:37:41 EST 2008

> -----Original Message-----
> From: James Hess [mailto:mysidia at gmail.com] 
> Sent: Tuesday, November 18, 2008 5:05 PM
> To: Ted Mittelstaedt
> Cc: Jo Rhett; Olivier MJ Crepin-Leblond; ppml at arin.net
> Subject: Re: [arin-ppml] Is this more desired than
> a Transfer Policy? Need input
> The total investment that must be made is so massive, because 
> there are so many orgs, and so much of that "inexpensive" sub 
> $100 V4-only equipment floating about. The trouble is the 
> investment doesn't have to be large for any single org to 
> stop them from making it.

You must not have read the Dilbert where the pointy-haired
boss directed Dilbert to buy him a new PC with a series of
PO's costing less than $499 - since that was all he had signing
authority for.

> In most cases, orgs just have to think that the probable 
> immediate benefit is not more than the cost, to rule out 
> investing in V6. Long-term potential benefits or "it's best 
> to the community" are conveniently ignored in many cases.

For orgs that are end-user leaf-node orgs who are not changing
their Internet connection, they do not need to immediately invest in IPv6
gear.  It's not like their ISP will boot them off if they aren't
compliant the day of IPv4-runout.

But, over the long term, that's something else.  I have worked at
many prior corporate employers where the marketing people forced
the IT people to deploy the newest version of MS Office - because
the marketing people liked the interface better.  That expense dwarfs
an IPv6 rollout expense but orgs will do it because the users get
all their information from reading Airline in-flight magazines that
tell them they have to buy the new version of Microsoft software to
remain competitive.

If you really want to get everyone in the US to switch to IPv6 then
have Steve Ballmer make a public announcement at Comdex that
IPv6 is the future - and you will see companies jump for it.

So no, I am not a subscriber to the IT fantasy that all deployments
are done on a TCO analysis.  The vast majority of IT rollouts I
have seen and read about in most US companies are done for political
reasons, not technical ones, and are top-down driven deployments,
and in fact do NOT make any sense from a TCO standpoint.

> > [...]  All Windows XP and Vista and MacOS X
> > systems are IPv6 compliant.  Virtually all REAL routers (ie: Cisco,
> > Juniper) can be made IPv6 compliant with modest upgrades.  And don't
> > go defending
> It doesn't involve some sort of investment in infrastructure to setup V6
> functionality?  Innumerable orgs run XP, and V6 is disabled by default,
> that's hundreds of thousands of PCs.

And 3 years from now?  As much as I would love to believe that
the corporate world is telling Microsoft to take Vista and
shove it up their keister, I know better.  It does not work
that way.  The way it works is Microsoft tells them to jump
and the Microsoft shops all say "how high".

Sure, Vista didn't cause them to all run out and buy new machines
this time, the way XP did.  But increasingly XP installs are
arcane, and are not supported on the brand-new consumer grade hardware.
And, despite what Dell would have you believe, most businesses
buy the cheaper consumer PC's that come with Vista preloaded.
It is only a matter of time until you won't be able to load XP
on those systems even if you waste a day hunting the Internet for
all the special hardware XP drivers.

> The fact that anyone even thinks about turning it on means 
> there is planning involved. Planning deployment of a new IP 
> protocol also takes investment, typically, just for the 
> consulting or internal IT costs in terms of man-hours spent 
> creating the plan.
> And what about the cost to corporations having to retrain 
> their IT staff to deal with V6? And re-evaluating software 
> choices to make sure network software chosen is V6-enabled. 
> This can be more significant even than replacing the equipment.
> And those routers upgrade and configure themselves, without 
> $$$ costs for the time it takes consultants/admins to 
> actually setup that V6 capability correctly?

They already have to learn about Vista so adding IPv6 into the
list of stuff they need to learn about is not a big deal.

If an admin doesn't understand that a large part of his job is
learning about new technologies, he should not be admining.

I fail to see the need for end users to learn about IPv6.  Most
don't know anything about IP at all, either IPv4 or IPv6.

> > people's ability to use little POS routers like Linksys jobbies that
> > cost under $100.  Those are throw-away-and-buy-new-ones scenarios.
> > Cable and DSL modems that have integrated NAT's can be switched into
> > bridged mode and an IPv6 router can be placed behind them.
> Buying a V6 router to put behind them is an investment.
> > And finally, leaf-node businesses that have a SINGLE connection to the
> > Internet can replace their existing firewall (that most likely uses
> > NAT) with a newer one that runs IPv4<->IPv6 proxying, so they won't
> > even have to bother changing anything.  [...]
> A new firewall is not free.
> How many businesses under 200 employees do you see itching to
> spend $$$ on brand new firewall hardware to support IPv6,
> when IPv4 seems to work just fine for them??

They are doing it anyway, though, for many other reasons.

One of the big ones is that you cannot block BitTorrent and other P2P
protocols with most firewalls that were made more than a year or so ago.

We just had 2 customers last week whose Internet connections dropped to a
crawl (these were 3MB connections) due to BitTorrent running on their
internal network that they didn't know about.

There are many reasons to replace the sub-$100 firewalls.  You can block P2P
with a brand new $150 firewall, for instance.

Doubtless by the time those customers need IPv6 they will have more than
gotten their mileage out of their $100 purchase, and there will be new
P2P programs in place that will need blocking.  You can't stop piracy,
you can only throw a roadblock in front of it from time to time.

We also see a high rate of hardware failure on the sub-$100 firewalls, such
as around every 2-3 years.

I'm not saying that moving to IPv6 is free.  But it doesn't require
massive investments, not for most orgs.  And the orgs that it will require
massive investments know who they are and presumably are planning for it.

