assume v6 available, average cost to implement
Folks, In the never ending game of policy whack-a-mole, we are offered the claim that that the cost to a small to medium business to make its operational purpose v6 address enabled is in the mid-five figures. For those of you who do smb consults, some numbers to make a hypothetical shop consisting of a quarter rack of gear running nothing more goofy than a couple of applications on a couple of ports, basicially, a dbms plus a bit of gorp, say in central Kansas, to which some provider, say Kansas Telekenesis and Telefriend has just made v6 happy. Having renumbered hq.af.mil some time ago, I'm expecting the 50k bogie to add colons to some retail insurance office or mortuary in central Kansas to be on the exceedingly good dope high side. Thanks in advance for real numbers, which I'll sanitize before using to attmept to keep one policy playpen slightly less crazy than normal. Eric
On 08/03/2011 11:14 AM, brunner@nic-naa.net wrote:
Folks,
In the never ending game of policy whack-a-mole, we are offered the claim that that the cost to a small to medium business to make its operational purpose v6 address enabled is in the mid-five figures.
For those of you who do smb consults, some numbers to make a hypothetical shop consisting of a quarter rack of gear running nothing more goofy than a couple of applications on a couple of ports, basicially, a dbms plus a bit of gorp, say in central Kansas, to which some provider, say Kansas Telekenesis and Telefriend has just made v6 happy.
Having renumbered hq.af.mil some time ago, I'm expecting the 50k bogie to add colons to some retail insurance office or mortuary in central Kansas to be on the exceedingly good dope high side.
Thanks in advance for real numbers, which I'll sanitize before using to attmept to keep one policy playpen slightly less crazy than normal.
I have dual-stacked 4 networks so far, 3 small (soekris freebsd router) and one larger (3 7206vxr, all border+core). The first small one started with the soekris in v4-only (comcast), added a tunnel and then took a week or two of evenings to straighten out. The second (also comcast v4-only) changed out a netscreen to the soekris when we multihomed, then added a v6 tunnel and dual-stacked all 10 internal vlans; this took a few days of my time spread over a week or two (never v6-enabled the xp or win2003 systems, though. Linux, BSD, and vista+win7 all "just worked". I'm not sure if samba is properly v6-configured yet but it doesn't (so far) matter). The third small one took one evening (it was a duplicate of the first small one, both single-homed home systems with soekris freebsd routers.) The 7206 one is still progressing without (so far) a v6 IGP, and only a few vlans actually dual-stacked. It does have BGP6 working on two of the borders (and ibgp to all 3) so the system is native and not tunneled (except for one remote location with a v4-only T1 connection). So the most for a "small business" size system was the home one with the learning curve at maybe 2 weeks of evenings (probably 30 hours). The last was probably 4. -- Pete
As much of an IPv6 advocate as I am, I think the TCO for the SMB regarding IPv6 is often cost- prohibitive. Not because of CapEx, mind you, but OpEx. That's something we need to fix within the next year if we want to see real IPv6 adoption. Strong IPv6 knowledge is still very rare, especially in the SMB IT workforce. Right now, deploying IPv6 doesn't mean just deploying one technology but several. Do you have an IPv6 firewall? IPS? IPv6 address management solution? Monitoring? Security Policy? The list goes on. To be honest, I'd put the TCO of IPv6 for an SMB to be much closer to six figures than five. There is simply no good solution for them right now. Remember that for IPv4, most of the systems mentioned above are provided through a unified, inexpensive, and easily managed, multi-function firewall. No such product exists for the IPv6 world, at least not in a mature state; so the knowledge required is much higher; the number of systems and services required is much higher; the cost is... higher. I'm sure a few consultants making bank on "deploying" IPv6 for organizations without giving any thought to security, operational, or performance concerns will be more than happy to chime in and say how wrong I am. But trust me, the majority of SMBs aren't completely brainless, and all you have to do is talk to them to know that they have the exact concerns and conclusions mentioned here. On Wed, Aug 3, 2011 at 11:14 AM, <brunner@nic-naa.net> wrote:
Folks,
In the never ending game of policy whack-a-mole, we are offered the claim that that the cost to a small to medium business to make its operational purpose v6 address enabled is in the mid-five figures.
For those of you who do smb consults, some numbers to make a hypothetical shop consisting of a quarter rack of gear running nothing more goofy than a couple of applications on a couple of ports, basicially, a dbms plus a bit of gorp, say in central Kansas, to which some provider, say Kansas Telekenesis and Telefriend has just made v6 happy.
Having renumbered hq.af.mil some time ago, I'm expecting the 50k bogie to add colons to some retail insurance office or mortuary in central Kansas to be on the exceedingly good dope high side.
Thanks in advance for real numbers, which I'll sanitize before using to attmept to keep one policy playpen slightly less crazy than normal.
Eric
-- Ray Soucy Epic Communications Specialist Phone: +1 (207) 561-3526 Networkmaine, a Unit of the University of Maine System http://www.networkmaine.net/
On Aug 4, 2011, at 8:50 AM, Ray Soucy wrote:
As much of an IPv6 advocate as I am, I think the TCO for the SMB regarding IPv6 is often cost- prohibitive. Not because of CapEx, mind you, but OpEx. That's something we need to fix within the next year if we want to see real IPv6 adoption.
Strong IPv6 knowledge is still very rare, especially in the SMB IT workforce.
Right now, deploying IPv6 doesn't mean just deploying one technology but several. Do you have an IPv6 firewall? IPS? IPv6 address management solution? Monitoring? Security Policy? The list goes on.
To be honest, I'd put the TCO of IPv6 for an SMB to be much closer to six figures than five.
You're looking at a much larger SMB than most SMBs actually are. For a very large proportion of SMBs, replacing a single CPE device covers the firewall, address management, and if you think they've got IPS, monitoring, or a security policy today for IPv4, well, you're simply delusional. There are a few CPE devices out today that can do this, but, we definitely need more and a wider variety of feature sets.
There is simply no good solution for them right now. Remember that for IPv4, most of the systems mentioned above are provided through a unified, inexpensive, and easily managed, multi-function firewall. No such product exists for the IPv6 world, at least not in a mature state; so the knowledge required is much higher; the number of systems and services required is much higher; the cost is... higher.
Seems to me that the SRX-100 comes reasonably close and has relatively proximal capabilities in IPv4 and IPv6. However, at $600, it's probably a bit on the pricey side of many SMB resources.
I'm sure a few consultants making bank on "deploying" IPv6 for organizations without giving any thought to security, operational, or performance concerns will be more than happy to chime in and say how wrong I am. But trust me, the majority of SMBs aren't completely brainless, and all you have to do is talk to them to know that they have the exact concerns and conclusions mentioned here.
As a consultant making "bank" to some extent helping others to deploy IPv6, I resent your generalization that we must be ignoring all of those concerns. It's simply not true. I agree that many SMBs aren't completely brainless, but, to say most ignores the reality that most SMBs are someone running a shop to make money doing what they are passionate about, such as SCUBA, sewing, or whatever. The majority of money comes from larger SMBs, but, the vast majority of SMBs in the US are actually single-proprietor businesses with 1-5 employees almost always without any sort of dedicated IT person in the mix. They aren't brainless, but, networking isn't their focus and all they know about any of those issues is the FUD they occasionally hear on TV about someone getting hacked. A responsible consultant will help them apply reasonable measures to protect themselves and explain the cost/benefit tradeoffs of various solutions so that they can make a (more) informed decision. There may be IPv6 consultants out there deploying SMBs on IPv6 irresponsibly, but, not all of us fall into that category. Owen
On Wed, Aug 3, 2011 at 11:14 AM, <brunner@nic-naa.net> wrote:
Folks,
In the never ending game of policy whack-a-mole, we are offered the claim that that the cost to a small to medium business to make its operational purpose v6 address enabled is in the mid-five figures.
For those of you who do smb consults, some numbers to make a hypothetical shop consisting of a quarter rack of gear running nothing more goofy than a couple of applications on a couple of ports, basicially, a dbms plus a bit of gorp, say in central Kansas, to which some provider, say Kansas Telekenesis and Telefriend has just made v6 happy.
Having renumbered hq.af.mil some time ago, I'm expecting the 50k bogie to add colons to some retail insurance office or mortuary in central Kansas to be on the exceedingly good dope high side.
Thanks in advance for real numbers, which I'll sanitize before using to attmept to keep one policy playpen slightly less crazy than normal.
Eric
-- Ray Soucy
Epic Communications Specialist
Phone: +1 (207) 561-3526
Networkmaine, a Unit of the University of Maine System http://www.networkmaine.net/
participants (4)
-
brunner@nic-naa.net -
Owen DeLong -
Pete Carah -
Ray Soucy