[AusNOG] IPv6

Mattia Rossi mattia.rossi.mailinglists at gmail.com
Fri Mar 27 03:11:32 EST 2015


Hi all,

given that we touched my preferred topic once again:

I've just taken part at the GEN6 (www.gen6.eu) roadshow here in 
Switzerland about IPv6 enabled Governments.
It had a pretty great uptake, despite being there some issues in getting 
the desired IPv6 range from RIPE (but that's a different story).
They gave a few interesting reasons though as to why you should start 
deploying IPv6:

If you are on the service customer side:
- NA(P)T is an issue: In larger organisations, a lot of users tend to 
use the same  webpages at the same time. From the  hosters perspective, 
all requests come from a single IPv4 address, and look like a DoS 
attack. You keep calling those providers asking to unblock the address. 
(e.g. Google). IPv6 helps avoiding NA(P)T. And you can still reach Google.
- Microsoft made IPv6 standard in all their software. This means, they 
do no testing with IPv4 disabled anymore. If you run an environment with 
IPv6 disabled and run into issues, they will (or more probably might) 
ask you, if you have IPv6 enabled. If you don't, they will (or might) 
tell you to call back, after you enabled it and eventually make you run 
some tests. No IPv6, no help.
- Zoning: The larger IPv6 address space not only helps avoiding NA(P)T, 
but also allows coding of network zones in the address, thus allows to 
simplify firewall rules and security designs.

If you are on the service provider side:
- Like someone said on the thread: I in ISP stands for Internet, not 
IPv4. Accessibility and anti-discrimination is also valid for the 
Internet. If you don't offer your services you're actually 
discriminating people. (In the Czech Republic this has actually been 
ratified by the government for government services at least - so IPv6 is 
compulsory for basic services to the public)
- Many of your services/servers already do IPv6. You might have it 
around without knowing, and be exposed to security threats. So better 
know about it, and try to get it right
- switching on IPv6 on public facing services/server is usually easy and 
a big step

And the one reason which is always valid:
In large organisations (they obviously were referring to government 
orgs, but it's valid for enterprises as well) if you start now to get 
your network and systems IPv6 ready, it will take you approximately 20 
years until you have migrated everything: every application, every 
service, everything. If you start in five years, it will take 20 years 
from then.
The reason for it are lifecycles of your equipment/software/etc. If you 
don't make sure your new stuff is IPv6 ready now by getting interested 
in IPv6, deploying testbeds etc. You will lose another 3,4,5 or more 
years due to the lifecycle of hose things. And at some point, not next 
year, not in 5 years but maybe in 10 or so, you'll run into a lot of 
issues and/or lose a lot of money.

Cheers, and sorry if this is a bit off-topic (and off-country :-) )

Mat




More information about the AusNOG mailing list