On Wed, 29 Oct 2008 16:29:40 -0700 "David W. Hankins" <David_Hankins@isc.org> wrote:
On Wed, Oct 29, 2008 at 06:32:31PM -0400, Steven King wrote:
Does anyone see any benefits to beginning a small deployment of IPv6 now even if its just for internal usage?
It is almost lunacy to deploy IPv6 in a customer-facing sense (note for example Google's choice to put its AAAA on a separate FQDN). At this point, I'd say people are still trying to figure out how clients will migrate to IPv6. Which seems like a pretty bad time to still be trying to figure that out, but ohwell.
Once, after hearing Vint Cerf give a cheerleading talk for v6, I asked why google.com didn't have a AAAA record. He just groaned -- but of course I knew the answer just as well as he did.
It is at this time more a question of strategic positioning. The kind of thing your boss should be thinking about.
Switching your management network to IPv6 single-stack frees up IPv4 addresses (depending on how big your management network is) to use in customer-facing areas, which gives your network longer legs in the projected IPv4 address shortfall. If you get really pressed, you can tunnel your IPv4 network over an IPv6-only backbone, giving you another handful of precious moneymaking IPv4 addresses.
Having your backbone and servers AAAA'd (even on separate FQDN's), tested, and ready to go puts you ahead of the curve if clients start rolling out (you can just move your AAAA's around).
Starting now on collecting IPv6 peering wherever you peer puts you ahead of the curve in the quality of your network's connectedness, again presuming this IPv6 thing takes off.
And of course you need to "run your own dog food" on internal LANs before you start telling customers these IPv6 address thingies are useful.
IPv6: It's kind of like storing dry food in preparation for the apocalypse.
I'd rate the probability of v6 as rather higher... More seriously -- you need to get experience with it, and you need to at least understand where your internal support systems and databases have v4-only wired in. I'm not saying that substantial, real-world demand for v6 is imminent or even certain (although frankly, I regard it as more likely than not). I am saying that the probability of it is high enough that preparation is simply ordinary prudence. I posted the story link because for the first time since v6 was real, there's a *feature* that people will want that relies on it. Never mind lots of addresses; you can't easily sell that to management. But something that will make security management easier and cheaper -- you may be able to avoid triangle routing, with the consequent need for bigger pipes -- is a story they'll understand. You want to be ready to serve those customers. --Steve Bellovin, http://www.cs.columbia.edu/~smb