On Oct 4, 2015, at 8:33 AM, Jon Lewis <jlewis@lewis.org> wrote:
On Sun, 4 Oct 2015, Mel Beckman wrote:
If it doesn't support IPSec, it's not really IPv6. Just as if it failed to support any other mandatory IPv6 specification, such as RA.
Go tell cisco that. IIRC, the first network I dual-stacked, I was kind of surprised when I found I could not use authentication in OSPFv3, because OSPFv3 assumes IPv6 will supply the IPSec to do auth...but these routers didn't support IPSec. They still managed to route IPv6 and support IPv6 customers...so it really was IPv6...just not the full suite of everything you'd expect from IPv6.
A router with OSPFv3 and no IPSec for securing the OSPFv3 sessions really is an incomplete implementation. This is one case where IPSec really should be considered mandatory rather than recommended.
Your observation simply means that users must be informed when buying IPv6 devices, just as they must with any product. You can buy either genuine IPv6 or half-baked IPv6 products. When I speak of IPv6, I speak only of the genuine article.
Does anyone buy "IPv6 devices”?
Yes… For some definitions of that term.
The biggest hurdle I've seen with IPv6 adoption (i.e. going dual-stack, with the idea that we'll gradually transition most things / most traffic from v4 to v6) is the number of end-user network providers that don't offer v6 at all. My home cable internet provider still doesn't offer IPv6. When I asked one of their support people about it recently, I was told not to worry, they have plenty of v4 addresses left, but it was implied that they do plan to start offering v6 sometime soon. They should have started rolling out IPv6 to any customers that wanted it years ago, so that by today, it would be standard for all their installations to be dual-stack. But here we are, nearly 2016, and they don't have a single IPv6 customer (AFAIK) yet.
Yeah, lots of providers still don’t get it like that. The problem is we’ve also done a poor job training people who call them up asking for IPv6. Many accept “We have plenty of IPv4 addresses” as an answer. Instead, the followup question is needed… “That’s great, but how does that help me reach a web site that doesn’t have and can’t get an IPv4 address?” Owen