[143261] in North American Network Operators' Group
Re: assume v6 available, average cost to implement
daemon@ATHENA.MIT.EDU (Owen DeLong)
Thu Aug 4 15:47:05 2011
From: Owen DeLong <owen@delong.com>
In-Reply-To: <CALFTrnMOqK4gm+hzE3D_d1iDyxz_b-TDYj_xK20TrhsD8ZozFQ@mail.gmail.com>
Date: Thu, 4 Aug 2011 12:45:25 -0700
To: Ray Soucy <rps@maine.edu>
Cc: nanog@nanog.org
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
--Apple-Mail=_7D7B43A1-D667-4759-908D-035F560DFA15
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain;
charset=iso-8859-1
On Aug 4, 2011, at 8:50 AM, Ray Soucy wrote:
> As much of an IPv6 advocate as I am, I think the TCO for the SMB
> regarding IPv6 is often cost- prohibitive. Not because of CapEx, mind
> you, but OpEx. That's something we need to fix within the next year
> if we want to see real IPv6 adoption.
>=20
> Strong IPv6 knowledge is still very rare, especially in the SMB IT =
workforce.
>=20
> Right now, deploying IPv6 doesn't mean just deploying one technology
> but several. Do you have an IPv6 firewall? IPS? IPv6 address
> management solution? Monitoring? Security Policy? The list goes on.
>=20
> To be honest, I'd put the TCO of IPv6 for an SMB to be much closer to
> six figures than five.
>=20
You're looking at a much larger SMB than most SMBs actually are.
For a very large proportion of SMBs, replacing a single CPE device
covers the firewall, address management, and if you think they've got
IPS, monitoring, or a security policy today for IPv4, well, you're =
simply
delusional. There are a few CPE devices out today that can do this,
but, we definitely need more and a wider variety of feature sets.
> There is simply no good solution for them right now. Remember that
> for IPv4, most of the systems mentioned above are provided through a
> unified, inexpensive, and easily managed, multi-function firewall. No
> such product exists for the IPv6 world, at least not in a mature
> state; so the knowledge required is much higher; the number of systems
> and services required is much higher; the cost is... higher.
>=20
Seems to me that the SRX-100 comes reasonably close and has relatively
proximal capabilities in IPv4 and IPv6. However, at $600, it's probably
a bit on the pricey side of many SMB resources.
> I'm sure a few consultants making bank on "deploying" IPv6 for
> organizations without giving any thought to security, operational, or
> performance concerns will be more than happy to chime in and say how
> wrong I am. But trust me, the majority of SMBs aren't completely
> brainless, and all you have to do is talk to them to know that they
> have the exact concerns and conclusions mentioned here.
>=20
As a consultant making "bank" to some extent helping others to
deploy IPv6, I resent your generalization that we must be ignoring
all of those concerns. It's simply not true. I agree that many SMBs
aren't completely brainless, but, to say most ignores the reality that
most SMBs are someone running a shop to make money doing what
they are passionate about, such as SCUBA, sewing, or whatever.
The majority of money comes from larger SMBs, but, the vast majority
of SMBs in the US are actually single-proprietor businesses with
1-5 employees almost always without any sort of dedicated IT
person in the mix. They aren't brainless, but, networking isn't their
focus and all they know about any of those issues is the FUD they
occasionally hear on TV about someone getting hacked.
A responsible consultant will help them apply reasonable measures
to protect themselves and explain the cost/benefit tradeoffs of various
solutions so that they can make a (more) informed decision.
There may be IPv6 consultants out there deploying SMBs on IPv6
irresponsibly, but, not all of us fall into that category.
Owen
> On Wed, Aug 3, 2011 at 11:14 AM, <brunner@nic-naa.net> wrote:
>> Folks,
>>=20
>> In the never ending game of policy whack-a-mole, we are offered the =
claim that
>> that the cost to a small to medium business to make its operational =
purpose
>> v6 address enabled is in the mid-five figures.
>>=20
>> For those of you who do smb consults, some numbers to make a =
hypothetical
>> shop consisting of a quarter rack of gear running nothing more goofy =
than
>> a couple of applications on a couple of ports, basicially, a dbms =
plus a
>> bit of gorp, say in central Kansas, to which some provider, say =
Kansas
>> Telekenesis and Telefriend has just made v6 happy.
>>=20
>> Having renumbered hq.af.mil some time ago, I'm expecting the 50k =
bogie to
>> add colons to some retail insurance office or mortuary in central =
Kansas
>> to be on the exceedingly good dope high side.
>>=20
>> Thanks in advance for real numbers, which I'll sanitize before using =
to
>> attmept to keep one policy playpen slightly less crazy than normal.
>>=20
>> Eric
>>=20
>>=20
>=20
>=20
>=20
> --=20
> Ray Soucy
>=20
> Epic Communications Specialist
>=20
> Phone: +1 (207) 561-3526
>=20
> Networkmaine, a Unit of the University of Maine System
> http://www.networkmaine.net/
--Apple-Mail=_7D7B43A1-D667-4759-908D-035F560DFA15
Content-Disposition: attachment;
filename=smime.p7s
Content-Type: application/pkcs7-signature;
name=smime.p7s
Content-Transfer-Encoding: base64
MIAGCSqGSIb3DQEHAqCAMIACAQExCzAJBgUrDgMCGgUAMIAGCSqGSIb3DQEHAQAAoIIERDCCBEAw
ggOpoAMCAQICARQwDQYJKoZIhvcNAQEFBQAwgaYxCzAJBgNVBAYTAlVTMQswCQYDVQQIEwJDQTER
MA8GA1UEBxMIU2FuIEpvc2UxGjAYBgNVBAoTEURlTG9uZyBDb25zdWx0aW5nMSUwIwYDVQQLExxE
ZUxvbmcgQ2VydGlmaWNhdGUgQXV0aG9yaXR5MRYwFAYDVQQDEw1jYS5kZWxvbmcuY29tMRwwGgYJ
KoZIhvcNAQkBFg1jYUBkZWxvbmcuY29tMB4XDTA2MTIxNjE2MzcxN1oXDTE2MTIxMzE2MzcxN1ow
fTELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAkNBMRowGAYDVQQKExFEZUxvbmcgQ29uc3VsdGluZzEP
MA0GA1UECxMGUGVyc29uMRQwEgYDVQQDEwtPd2VuIERlTG9uZzEeMBwGCSqGSIb3DQEJARYPb3dl
bkBkZWxvbmcuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA7H7JBEUaAy56E6qY
0JoHKfI+6QT7hYjnc1JezeZOA5XxK7QERkx8rdcND47xeNXjw06ZMjfhrcGkxM+1PEatBxC1Aax1
V95fKtw0DkNMKRgH138E6mZhwuWsvcA1bhxJQQc++SumEX5Uyr5dX4jYy2WgmaLKc8TD/N5G+/zb
Rc1sLrznovNvv7daKfDFlufRkPnLpeG0gx/HIFa4csMNYH2rdLt2xUBAt4TSy3fjEbp0HFVRJI4G
QRHbMmb6tBMnT9vpUZrwMHydqHHTiGr2A8PgdQeQLNEknKynVFTjJIXhBUSINhCl2HtQA+TKv+gu
EF9HrIybZSDlhGym0JUgKwIDAQABo4IBIDCCARwwCQYDVR0TBAIwADAdBgNVHQ4EFgQUzaaV8BC8
UhxaWk6IQTpqK9mLnSgwgdMGA1UdIwSByzCByIAU15gTZIxt8E1K2l0KkjrRFpdc5eyhgaykgakw
gaYxCzAJBgNVBAYTAlVTMQswCQYDVQQIEwJDQTERMA8GA1UEBxMIU2FuIEpvc2UxGjAYBgNVBAoT
EURlTG9uZyBDb25zdWx0aW5nMSUwIwYDVQQLExxEZUxvbmcgQ2VydGlmaWNhdGUgQXV0aG9yaXR5
MRYwFAYDVQQDEw1jYS5kZWxvbmcuY29tMRwwGgYJKoZIhvcNAQkBFg1jYUBkZWxvbmcuY29tggEA
MBoGA1UdEQQTMBGBD293ZW5AZGVsb25nLmNvbTANBgkqhkiG9w0BAQUFAAOBgQCWRsD48eQfaNKH
K2lohMTD9voszp/GuoWTyi6RckNxW0b0V0gv7ZGH1BUmgq2Jt7SjIis7vTY3FCZUDcR9e7fpBXJL
/euk2pPEBSHbCWAYO+uFeZ17UHz0WtInBB7Yo2EHUrkf4jeJDL7rHOG5YOVQzoV1+vdFkmQvPCPX
zPyYyzGCA7cwggOzAgEBMIGsMIGmMQswCQYDVQQGEwJVUzELMAkGA1UECBMCQ0ExETAPBgNVBAcT
CFNhbiBKb3NlMRowGAYDVQQKExFEZUxvbmcgQ29uc3VsdGluZzElMCMGA1UECxMcRGVMb25nIENl
cnRpZmljYXRlIEF1dGhvcml0eTEWMBQGA1UEAxMNY2EuZGVsb25nLmNvbTEcMBoGCSqGSIb3DQEJ
ARYNY2FAZGVsb25nLmNvbQIBFDAJBgUrDgMCGgUAoIIB3zAYBgkqhkiG9w0BCQMxCwYJKoZIhvcN
AQcBMBwGCSqGSIb3DQEJBTEPFw0xMTA4MDQxOTQ1MjZaMCMGCSqGSIb3DQEJBDEWBBR6wQa5O0HZ
W8mEFIHdSTqXubZ2KDCBvQYJKwYBBAGCNxAEMYGvMIGsMIGmMQswCQYDVQQGEwJVUzELMAkGA1UE
CBMCQ0ExETAPBgNVBAcTCFNhbiBKb3NlMRowGAYDVQQKExFEZUxvbmcgQ29uc3VsdGluZzElMCMG
A1UECxMcRGVMb25nIENlcnRpZmljYXRlIEF1dGhvcml0eTEWMBQGA1UEAxMNY2EuZGVsb25nLmNv
bTEcMBoGCSqGSIb3DQEJARYNY2FAZGVsb25nLmNvbQIBFDCBvwYLKoZIhvcNAQkQAgsxga+ggaww
gaYxCzAJBgNVBAYTAlVTMQswCQYDVQQIEwJDQTERMA8GA1UEBxMIU2FuIEpvc2UxGjAYBgNVBAoT
EURlTG9uZyBDb25zdWx0aW5nMSUwIwYDVQQLExxEZUxvbmcgQ2VydGlmaWNhdGUgQXV0aG9yaXR5
MRYwFAYDVQQDEw1jYS5kZWxvbmcuY29tMRwwGgYJKoZIhvcNAQkBFg1jYUBkZWxvbmcuY29tAgEU
MA0GCSqGSIb3DQEBAQUABIIBAKh2E7vjsMncNkx2HX0tcl7HalDiiQNNeMLXa3EFh/f3JRr84gaA
AuhuqIHD/6ZXoo2wQv0pnrF1tj792BoI5ZR6Ibv3JKSeEPWhQyyo0CiukRnR7WBr+n8XotREkN/K
NvNuNkDqVIWomHRjPPnZ7qXUHIHhvguNtZQQlhtNJ5pfNmEzp0PBAcGewgOOYfXtN0UbXDCOUSda
MlOAYOjEWmXMlDrzArmzaomy2yeUZ7qrGfJOh0TSRufkwbnp1mPrZ+5oT2Lugjp7zF6erib6nvAg
nstGKRE+FcwFWB7WQnGeprgVBJ3BDJewcuNCwHP5iH/kZKV7DUpu+ohODa3k354AAAAAAAA=
--Apple-Mail=_7D7B43A1-D667-4759-908D-035F560DFA15--
