[AusNOG] IPv6 - What Should an Engineer Address when 'Selling' IPv6 to Executives?

Mark Newton newton at atdot.dotat.org
Wed Mar 6 15:38:50 EST 2013

On Wed, Mar 06, 2013 at 12:46:57PM +1000, Paul Gear wrote:

 > Nicely written, but moving away from the question again.  Mark, what are 
 > these low-key activities that we should have done in 2011 that are easy 
 > to sell to management? 

If they're low-key activities you don't need to sell them to 

You don't sell your IPv4 plan to management, do you? (unless they're
actually micromanagement, in which case you probably have no hope). 


There are many ways to go about it, but here's one of them. Contents
may settle in transit.

1. Enable IPv6 on at least one of your transit edge routers.

2. Take an IPv6 feed from at least one of the transit providers
   that lands on that router.  You should now have connectivity
   to the IPv6 internet from that router.

3. Nail-up IPv6 iBGP between that router and at least one
   router in your core.  Congratulations, you should now have
   connectivity to the IPv6 internet from your core.  It's 
   only single-homed, but it's not mission critical yet so 
   outages don't really matter, do they?

4. You can now assign IPv6 prefixes to VLANs in your core.
   Start with your lab VLAN;  hosts in your lab should now have
   full dual stack reachability to the internet.

5. At your option, stand up other iBGP and eBGP sessions to 
   other border routers and transit providers. Each one improves
   your redundancy and gets you incrementally closer to the same
   full mesh topology you have with v4.

6. You'll eventually be at a point where all your routers are
   dual stack.  Along the way you probably will have turned on
   all your lab VLANs, and possibly enabled your office network
   and any intermediate firewalls in the path. Congratulations,
   you now know how IPv6 firewalling works, and all your staff
   have access too.

7. If you have a VPN concentrator, dual-stack that too; now your
   staff have dual-stack on your network from home.  Even better.

At that point, you're dual stack on your entire network except
for the bits that are customer-facing, and you've probably been
outage-free throughout the whole process, and haven't had to 
buy any new equipment.

8. Enable "simple" server networks:  things like DNS, HTTP and SMTP
   that don't involve complexity like load balancers.  Probably
   a good time to add IPv6 to any VPS products you offer too.
   Congratulations, you're now offering IPv6 services to the 

If you're an eyeball service provider, add another step:

9. The access network -- you'll need radius support and a few
   other odds and sods and a fair bit of planning, but is there
   any reason you can't dual-stack your BRAS/LNS and customer
   access now?

Now the only bits of your network that aren't v6-enabled are the
"complex" corner cases, which you can deal with at your leisure.

If you're an IT services provider rather than a network operator,
come up with a service offering that addresses each step in the
plan above (research, develop,test). That's what made your business
successful with IPv4, it'll make it successful with IPv6 too.

Turn that into a 2 year roadmap and you'll be well on the way
to mitigating your contribution to the IPv4 problem, broadening
your base of service offerings, and improving your scope for 

  - mark

More information about the AusNOG mailing list