[161403] in North American Network Operators' Group
Re: What Should an Engineer Address when 'Selling' IPv6 to Executives?
daemon@ATHENA.MIT.EDU (Owen DeLong)
Tue Mar 12 13:07:56 2013
From: Owen DeLong <owen@delong.com>
In-Reply-To: <op.wttupkufhnppdy@soprano.home>
Date: Tue, 12 Mar 2013 10:05:34 -0700
To: kpospisek@bigpond.com
Cc: nanog@nanog.org
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
Dual stack is a (very) temporary solution while waiting for some others =
to catch
up and deploy IPv6. Contemplating dual-stack as a permanent or long-term
solution ignores the extent to which IPv4 is utterly unsustainable at =
this point.
Owen
On Mar 12, 2013, at 02:45 , kpospisek@bigpond.com wrote:
>=20
> I would be concerned in strongly spruiking advantages of IPv6 to
> executives if an IPv6 dual stack solution is actually being deployed.
> (ie. some given IPv6 SS advantages below do not apply to IPv6 DS)
>=20
>> 1. Decreased application complexity:
>> Because we will be able to get rid of all that =
NAT traversal code,
>> we get the following benefits:
>>=20
>> I. Improved security
>> A. Fewer code paths to test
>> B. Lower complexity =3D less =
opportunity to introduce flaws
>> II. Lower cost
>> A. Less developer man hours =
maintaining (or developing) NAT traversal code
>> B. Less QA time spent testing NAT =
traversal code
>> C. No longer need to keep the lab =
stocked with every NAT implementation ever invented
>> D. Fewer calls to support for =
failures in product's NAT traversal code
>> 2. Increased transparency:
>> Because addressing is now end-to-end =
transparent, we gain a
>> number of benefits:
>>=20
>> I. Improved Security
>> A. Harder for attackers to hide in =
anonymous address space.
>> B. Easier to track down spoofing
>> C. Simplified log correlation
>> D. Easier to identify source/target =
of attacks
>> II. Simplified troubleshooting
>> A. No more need to include state =
table dumps in troubleshooting
>> B. tcpdump inside and tcpdump =
outside contain the same packets.
>>=20
>=20
>=20
> There are two well documented advantages to IPv6 dual stack:
>=20
> - responding to customers requesting IPv6 dual stack connectivity
> - excellent access to the IPv4 network
>=20
> IPv6 is a *different* network to IPv4 even if both networks happen to =
be
> carried on the same platforms (thank you Cisco, F5, Juniper etc -
> without this, our execs would be seriously baulking at having to =
replace fairly
> modern hardware).
>=20
> I have also noticed examples given of historic protocol changes. Not =
all of
> these are relevant as some of them only involved "middle" OSI layers, =
so
> do not apply very well to the IPv6->IPv6 transition.
>=20
>=20
> Greets
> Engineer Karl Pospisek (alias kpospisek@telstra.com)
