[arin-ppml] Set aside round deux
Owen DeLong
owen at delong.com
Sat Jul 31 14:39:42 EDT 2010
On Jul 30, 2010, at 7:20 PM, Roger Marquis wrote:
> Owen DeLong wrote:
>> Not sure why you think IPv6 is either infeasible or incorrect, given the
>> large deployments actually operating with it.
>
> The reasons IPv6 is currently infeasible for the overwhelming majority
> have been gone over in detail and at length many times in this forum.
> Anyone following these threads and still claiming to be "not sure" of the
> impediments is either unsure by choice or playing rhetorical games. The
> rest of the connected world understands the drawbacks as the lack of IPv6
> uptake over the past decade clearly illustrates.

I didn't say I was unsure of the impediments. I said I was unsure why you
thought IPv6 was infeasible (it isn't) or incorrect (that's such a subjective
term in this context).

However, since you choose not to answer here, I'll go based on your
previous statements:

The lack of uptake for most people has little to do with the reasons you
have stated in the past.

The primary cause for lack of IPv6 uptake is quite simple... Organizational
Inertia. Other phrases that describe this commonly include:

"If it ain't broke, don't fix it."
"It's not a priority yet."

Lack of NAT really isn't a barrier to anyone who takes the time to actually
understand IPv6.

Address hiding can be accomplished quite easily by using privacy
address extensions as described in RFCs 3041 and 4941.

If you're worried about avoiding renumbering when you switch providers,
the answer is quite simple... Pick two.

Connect to two providers and apply for your space directly from ARIN.
You can get a /48 (or larger if you need) for less than the cost of a
new medium-large NAT gateway as a one-time fee and a mere $100/year
thereafter.

This avoids all those pesky source address selection problems, too.

Oh, and the adoption of IPv6 is clearly accelerating at this time. My bet
is it will continue to do so and that we'll see pretty widespread deployment
in less than 2 years, with near ubiquity in about 4-5 years. I also think that
the post-runout IPv4 world is going to create a great deal of pressure to
deprecate IPv4 much sooner than most people think due to the high costs
of maintaining and routing it in an address-trading-market world where
at least one RIR is allowing people to buy and sell down to the /32.
Even in ARIN with /24 as the lower limit, a couple of As getting sold
off as /24s would mean 130,000 more prefixes in the routing table.

There are far too many organizations running IPv6 for me to believe that
it cannot be deployed.

Finally, IIRC, you were also claiming that anyone who needs to
pass PCI, SOX, HIPAA, or SAS70 audits needed NAT. My
understanding is that the PCIA is in the process of revising their
audit documentation to clarify that NAT is recommended (not
required) for IPv4 only. As to HIPAA and SOX, since each auditor
kind of makes up their own criteria as they go along, that's a much
harder education effort, but neither regulation even mentions
NAT, topological obfuscation, or even address privacy.

That leaves SAS70. I don't have enough familiarity with the
SAS70 process or even the governing organization that sets
standards for SAS70 audits to comment meaningfully. I suspect,
however, given the situation, they will likely be reviewing the
issue soon enough and remove NAT from their
audit specifications too.

Yes, IPv6 requires education. No, there are no insurmountable
problems remaining in IPv6. Yes, it has some warts and some
things that could have been done better. However, it's no worse
than IPv4, and the lack of NAT makes it quite a bit better in many
ways.

Owen