[170193] in North American Network Operators' Group
RE: IPv6 Security [Was: Re: misunderstanding scale]
daemon@ATHENA.MIT.EDU (Naslund, Steve)
Mon Mar 24 22:17:39 2014
From: "Naslund, Steve" <SNaslund@medline.com>
To: Paul Ferguson <fergdawgster@mykolab.com>, Owen DeLong <owen@delong.com>
Date: Tue, 25 Mar 2014 02:17:02 +0000
In-Reply-To: <5330DE44.1020506@mykolab.com>
Cc: NANOG list <nanog@nanog.org>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
I can easily answer that one as a holder of v4 space at a commercial entity. The end user does not feel any compelling reason to move to ipv6 if they have enough v4 space.
I can't give my employer a solid business case of why they need to make the IPv6 transition. They already hold enough v4 space and are putting more and more servers behind virtual IPs on boxes like the F5 so they are actually gaining on the v4 space issue. They see no economic reason to add an additional layer of complexity to their network where it is already pretty expensive to find savvy staff. Having to find v6 savvy staff is even more challenging. Even if the network guys are up to speed on v6 (admittedly a lot of the junior guys are not) the server and storage guys have a hard time wrapping their minds completely around ipv4.
As soon as they see an economic reason to move toward a v6 deployment I am sure they will do so. The major cost is time not money. The engineering staff has quite enough to keep them busy without looking for projects with no ROI for the near future. As soon as ipv6 users cannot reach ipv4 sites, they will need an ipv6 presence. It is very much a chicken and egg problem. Ipv6 users need to reach ipv4 sites and the fact that they can makes it unnecessary for the ipv4 sites to move to ipv6. Most commercial entities that are not in the gaming and multimedia do not feel any performance hit on v4 to v6 so there is no current pain point for the current ipv4 holders unless they are experiencing the need for more address space. The commercial users that have been around a long time typically have pretty large allocations (/24 or better) and the majority of them do not need that many public facing addresses.
The thing that will push them toward a v6 infrastructure is having most of their customers on ipv6 and there being some performance penalty that they see for being ipv4 only.
We are doing some lab testing on v6 and trying to get more experience for the junior guys but there is lots of legacy stuff and lots of old code that is not v6 aware. That stuff is slowly going away but there is no real push for that to happen. Running the v6 infrastructure in parallel with the v4 infrastructure does not gain anyone very much; unfortunately they will have to run in parallel for quite some time. Another issue is having all of their global MPLS carriers and Internet service providers supplying dual stack capability on those circuits. There is just not enough v6 traffic to make the case for dedicated access circuits supporting just ipv6.
Steven Naslund
Chicago IL
>>It is unsettling to see such dismissive attitudes.
>>I'll leave it as an exercise for the remainder of... everywhere to figure out why there is resistance to v6 migration, and it isn't "just because" people can't be bothered.
>>Your customers are your compasses. And as Randy Bush always likes to say (paraphrased), "I encourage my competitors to dismiss customer concerns over IPv6 migration."