[108812] in North American Network Operators' Group
Re: Another driver for v6?
daemon@ATHENA.MIT.EDU (Steven M. Bellovin)
Wed Oct 29 21:11:13 2008
Date: Wed, 29 Oct 2008 21:10:41 -0400
From: "Steven M. Bellovin" <smb@cs.columbia.edu>
To: nanog@nanog.org
In-Reply-To: <20081029232940.GC5212@isc.org>
Errors-To: nanog-bounces@nanog.org
On Wed, 29 Oct 2008 16:29:40 -0700
"David W. Hankins" <David_Hankins@isc.org> wrote:
> On Wed, Oct 29, 2008 at 06:32:31PM -0400, Steven King wrote:
> > Does anyone see any benefits to beginning a small deployment of
> > IPv6 now even if it's just for internal usage?
>
> It is almost lunacy to deploy IPv6 in a customer-facing sense (note
> for example Google's choice to put its AAAA on a separate FQDN). At
> this point, I'd say people are still trying to figure out how clients
> will migrate to IPv6. Which seems like a pretty bad time to still be
> trying to figure that out, but oh well.
>
Once, after hearing Vint Cerf give a cheerleading talk for v6, I asked
why google.com didn't have a AAAA record. He just groaned -- but of
course I knew the answer just as well as he did.
>
> It is at this time more a question of strategic positioning. The
> kind of thing your boss should be thinking about.
>
> Switching your management network to IPv6 single-stack frees up
> IPv4 addresses (depending on how big your management network is)
> to use in customer-facing areas, which gives your network longer
> legs in the projected IPv4 address shortfall. If you get really
> pressed, you can tunnel your IPv4 network over an IPv6-only backbone,
> giving you another handful of precious moneymaking IPv4 addresses.
>
> Having your backbone and servers AAAA'd (even on separate FQDN's),
> tested, and ready to go puts you ahead of the curve if clients start
> rolling out (you can just move your AAAA's around).
>
> Starting now on collecting IPv6 peering wherever you peer puts you
> ahead of the curve in the quality of your network's connectedness,
> again presuming this IPv6 thing takes off.
>
> And of course you need to "run your own dog food" on internal LANs
> before you start telling customers these IPv6 address thingies are
> useful.
>
> IPv6: It's kind of like storing dry food in preparation for the
> apocalypse.
>
I'd rate the probability of v6 as rather higher...

More seriously -- you need to get experience with it, and you need to
at least understand where your internal support systems and databases
have v4-only wired in. I'm not saying that substantial, real-world
demand for v6 is imminent or even certain (although frankly, I regard
it as more likely than not). I am saying that the probability of it is
high enough that preparation is simply ordinary prudence.

I posted the story link because for the first time since v6 was real,
there's a *feature* that people will want that relies on it. Never
mind lots of addresses; you can't easily sell that to management. But
something that will make security management easier and cheaper -- you
may be able to avoid triangle routing, with the consequent need for
bigger pipes -- is a story they'll understand. You want to be ready to
serve those customers.
--Steve Bellovin, http://www.cs.columbia.edu/~smb