[arin-ppml] Set aside round deux

Owen DeLong owen at delong.com
Sat Jul 31 23:22:59 EDT 2010

On Jul 31, 2010, at 2:29 PM, Ted Mittelstaedt wrote:

> On 7/31/2010 11:39 AM, Owen DeLong wrote:
>> On Jul 30, 2010, at 7:20 PM, Roger Marquis wrote:
>>> Owen DeLong wrote:
>>>> Not sure why you think IPv6 is either infeasible or incorrect, given the
>>>> large deployments actually operating with it.
>>> The reasons IPv6 is currently infeasible for the overwhelming majority
>>> have been gone over in detail and at length many times in this forum.
>>> Anyone following these threads and still claiming to be "not sure" of the
>>> impediments is either unsure by choice or playing rhetorical games.  The
>>> rest of the connected world understands the drawbacks as the lack of IPv6
>>> uptake over the past decade clearly illustrates.
>> I didn't say I was unsure of the impediments. I said I was unsure why you
>> thought IPv6 was infeasible (it isn't) or incorrect (that's such a subjective
>> term in this context).
>> However, since you choose not to answer here, I'll go based on your
>> previous statements:
>> The lack of uptake for most people has little to do with the reasons you
>> have stated in the past.
>> The primary cause for lack of IPv6 uptake is quite simple... Organizational
>> Inertia. Other phrases that describe this commonly include:
>> 	"If it ain't broke, don't fix it."
>> 	"It's not a priority yet."
>> Lack of NAT really isn't a barrier to anyone who takes the time to actually
>> understand IPv6.
>> Address hiding can be accomplished quite easily by using privacy
>> address extensions as described in RFCs 3041 and 4941.
>> If you're worried about avoiding renumbering when you switch providers,
>> the answer is quite simple... Pick two.
>> Connect to two providers and apply for your space directly from ARIN.
>> You can get a /48 (or larger if you need) for less than the cost of a
>> new medium-large NAT gateway as a one-time fee and a mere $100/year
>> thereafter.
>> This avoids all those pesky source address selection problems, too.
> There's no question that it's quite possible to deploy and use IPv6.
> Unfortunately the largest wart IMHO is the lack of a standard for
> distributing DNS server IP addresses via auto assignment.  You
> take the position that NAT is awful, I find DHCPv6 to be far worse.
>> Oh, and the adoption of IPv6 is clearly accelerating at this time. My bet
>> is it will continue to do so and that we'll see pretty wide-spread deployment
>> in less than 2 years, with near ubiquity in about 4-5 years.
> I disagree unless you mean near ubiquity on the provider side.  It's
> going to be many, many years before the end-users start using it even
> though their provider offers it.
We shall see.  I suspect it will happen a lot faster than you expect due
to the pressure that will be brought to bear from strong economic 
incentives to deprecate IPv4.

>> I also think that
>> the post-runout IPv4 world is going to create a great deal of pressure to
>> deprecate IPv4 much sooner than most people think
> I hope this is true.
I see one of two things happening:

1.	The address market is a total flop, nobody wants to sell addresses
	at any price. Result: the need for addresses drives a strong and rapid
	shift towards IPv6.


2.	The address market is a wild success, /8s are deaggregated left
	and right and sold off as /24s everywhere. The routing table explodes,
	creating a strong economic incentive to deprecate IPv4 just to keep
	the internet routable.

>> There are far too many organizations running IPv6 for me to believe that
>> it cannot be deployed.
> And how many of those orgs are IPv6 ONLY?
Who said anything about IPv6 only? Deployment of IPv6 does not depend
on deprecation of IPv4. Quite the opposite.

>> Yes, IPv6 requires education. No, there are no insurmountable
>> problems remaining in IPv6. Yes, it has some warts and some
>> things that could have been done better. However, it's no worse
>> than IPv4, and, the lack of NAT makes it quite a bit better in many
>> ways.
> Please keep in mind that people who do not have experience with
> enterprise networks, who are coming at this from a small company
> perspective, where everyone is single-homed, simply do not understand
> the difficulties that NAT introduces to multi-site WANs.  NAT
> is the "poor man's firewall" to the single-homers and it is
> deployed on millions of residential CPEs and works well on most of
> them, so continuing to harp on how the lack of NAT is a benefit
> to IPv6 goes completely over many people's heads.

I have substantial experience with SOHO, small enterprise and
large enterprise networks as well as service provider networks
of just about any scale.

The fact that NAT is widespread does not mean we can't deploy
IPv6 without introducing that damage to IPv6. NAT is not the poor
man's firewall, just a case of ignorance on the part of the poor
man. The poor man's firewall is and has long been stateful
inspection with a default deny inbound policy for all traffic not
matching an existing state table entry. That works with or
without the address mangling of NAT. NAT, on the other hand,
does not work without stateful inspection.

NAT does cause problems even for the single-homed small
environment, whether those environments are aware of the
problems or not.
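
The point above about stateful inspection and NAT, as an added illustration that is not part of the original message: a toy Python model of an edge device whose state table provides the default-deny inbound behaviour with or without address rewriting. The class and function names, the sample addresses and the fixed-port simplification are assumptions made for this example.

```python
from dataclasses import dataclass, field
from typing import Optional

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int

@dataclass
class StatefulEdge:
    """Edge device: always a stateful filter, optionally also a NAT."""
    nat_addr: Optional[str] = None              # None = no address rewriting
    state: dict = field(default_factory=dict)   # flow seen from outside -> inside endpoint

    def outbound(self, p: Packet) -> Packet:
        # An inside host opens a flow: record it, rewrite the source only if NAT is on.
        # Simplification: the source port is kept as-is (no port allocation).
        public = self.nat_addr or p.src
        self.state[(p.dst, p.dport, public, p.sport)] = (p.src, p.sport)
        return Packet(public, p.sport, p.dst, p.dport)

    def inbound(self, p: Packet) -> Optional[Packet]:
        # Default deny: anything not matching an existing state entry is dropped.
        inside = self.state.get((p.src, p.sport, p.dst, p.dport))
        if inside is None:
            return None
        # With NAT, the same state entry is what makes reverse translation possible.
        return Packet(p.src, p.sport, inside[0], inside[1])

def demo(host: str, server: str, prober: str, nat_addr: Optional[str] = None):
    """Return (address seen by server, delivered reply, result of unsolicited probe)."""
    edge = StatefulEdge(nat_addr=nat_addr)
    sent = edge.outbound(Packet(host, 40000, server, 443))
    reply = edge.inbound(Packet(server, 443, sent.src, sent.sport))
    probe = edge.inbound(Packet(prober, 55555, sent.src, 22))
    return sent.src, reply, probe

if __name__ == "__main__":
    # Constructed sample addresses (documentation ranges plus one RFC 1918 host).
    print(demo("2001:db8:1::10", "2001:db8:ffff::80", "2001:db8:bad::1"))
    print(demo("192.168.0.10", "198.51.100.80", "203.0.113.9", nat_addr="192.0.2.1"))
```

In both runs the unsolicited probe is dropped by the state-table lookup; the NAT run differs only in the address the server sees.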

