[AusNOG] IPv6 - What Should an Engineer Address when 'Selling' IPv6 to Executives?
Mark Newton
newton at atdot.dotat.org
Wed Mar 6 15:38:50 EST 2013
On Wed, Mar 06, 2013 at 12:46:57PM +1000, Paul Gear wrote:
> Nicely written, but moving away from the question again. Mark, what are
> these low-key activities that we should have done in 2011 that are easy
> to sell to management?
If they're low-key activities you don't need to sell them to
management.
You don't sell your IPv4 plan to management, do you? (unless they're
actually micromanagement, in which case you probably have no hope).
Steps:
There are many ways to go about it, but here's one of them. Contents
may settle in transit.
1. Enable IPv6 on at least one of your transit edge routers.
2. Take an IPv6 feed from at least one of the transit providers
that lands on that router. You should now have connectivity
to the IPv6 internet from that router.
3. Nail-up IPv6 iBGP between that router and at least one
router in your core. Congratulations, you should now have
connectivity to the IPv6 internet from your core. It's
only single-homed, but it's not mission critical yet so
outages don't really matter, do they?
4. You can now assign IPv6 prefixes to VLANs in your core.
Start with your lab VLAN; hosts in your lab should now have
full dual stack reachability to the internet.
5. At your option, stand up other iBGP and eBGP sessions to
other border routers and transit providers. Each one improves
your redundancy and gets you incrementally closer to the same
full mesh topology you have with v4.
6. You'll eventually be at a point where all your routers are
dual stack. Along the way you probably will have turned on
all your lab VLANs, and possibly enabled your office network
and any intermediate firewalls in the path. Congratulations,
you now know how IPv6 firewalling works, and all your staff
have access too.
7. If you have a VPN concentrator, dual-stack that too; now your
staff have dual-stack on your network from home. Even better.
At that point, you're dual stack on your entire network except
for the bits that are customer-facing, and you've probably been
outage-free throughout the whole process, and haven't had to
buy any new equipment.
8. Enable "simple" server networks: things like DNS, HTTP and SMTP
that don't involve complexity like load balancers. Probably
a good time to add IPv6 to any VPS products you offer too.
Congratulations, you're now offering IPv6 services to the
public.
If you're an eyeball service provider, add another step:
9. The access network -- you'll need radius support and a few
other odds and sods and a fair bit of planning, but is there
any reason you can't dual-stack your BRAS/LNS and customer
access now?
Now the only bits of your network that aren't v6-enabled are the
"complex" corner cases, which you can deal with at your leisure.
If you're an IT services provider rather than a network operator,
come up with a service offering that addresses each step in the
plan above (research, develop,test). That's what made your business
successful with IPv4, it'll make it successful with IPv6 too.
Turn that into a 2 year roadmap and you'll be well on the way
to mitigating your contribution to the IPv4 problem, broadening
your base of service offerings, and improving your scope for
profitability.
- mark
More information about the AusNOG
mailing list