Happy IPv6 Day!!

it_consultant

MrRyte wrote: »

Astronomically higher as in about 340 trillion, trillion, trillion addresses.....
The TCP/IP Guide - IPv6 Address Size and Address Space

And when combined with NAT-oh boy....

NAT is not used in IPv6, tunneling maybe, but not NAT.

ipv6 addressing – there is no NAT, and “renumbering needs work” Thorsten on (mostly) Tech
IPv6.com - Network Address Translation (NAT) Benefits and Liabilities.
IPv6 transition mechanisms - Wikipedia, the free encyclopedia
Private Addresses in IPV6 do not require NAT http://www.tcpipguide.com/free/t_IPv6SpecialAddressesReservedPrivateLinkLocalSiteLo-3.htm

If there is one thing we all need to learn is that the era of private / public networks will be over. Security is provided by IPSEC which is built into the protocol.

mikedisd2

bertieb wrote: »

... twitter feeds are full of it ...

Forget the context, you totally hit it square on.

JDMurray

CthulthuDawn wrote: »

Web companies test Internet's readiness for future | Reuters

This has been 10 years in the making. I remember the cut-over from NCP to TCP/IP back in 1983. All it took was the DoD giving every org on the three nets one year to be 100% TCP/IP compliant by 1/1/1983 or be dropped from the new, unified "Internet." I don't remember hearing about any significant problems. We really need that kind of "authoritative teeth" to make the final push for implementing IPv6 too.

ChooseLife

JDMurray wrote: »

We really need that kind of "authoritative teeth" to make the final push for implementing IPv6 too.

Well, there is no single authority in the world that can make such a push today. At the moment, businesses by and large have strong financial motive for keeping the existing IPv4 Internet, and are the core of "resisting power" to IPv6 adoption...

Psychologists say that once standing ovation takes over 20% of an audience it creates an avalanche effect urging everyone else to join in. Something similar is going to happen with IPv6 as well, IMO.

Forsaken_GA

JDMurray wrote: »

This has been 10 years in the making. I remember the cut-over from NCP to TCP/IP back in 1983. All it took was the DoD giving every org on the three nets one year to be 100% TCP/IP compliant by 1/1/1983 or be dropped from the new, unified "Internet." I don't remember hearing about any significant problems. We really need that kind of "authoritative teeth" to make the final push for implementing IPv6 too.

It was also simpler back then, though. The internet wasn't the global entity back then that it is now, and it wasn't such a commercial driving force. With an increase in scale, comes an increase in complexity, especially with all the hacks that have been implemented over the years to make ip4 work (ie, NAT). Those conversions are not trivial.

And getting the network on ip6 is the easy part. The applications... that's another problem entirely. For example, simple applications that need to log IP's. If the developers didn't pad the space to allow for 128-bit addresses, then it's going to require a schema change, and for alot of enterprise databases, that is not trivial. And that's just the simplest example I can think of.

I know a company that is running software that requires windows 2000 sp1. Updating it any further breaks the application. The developers are out of business. They're screwed until they find a replacement. I'm certain other companies with network enabled applications are in the same boat.

ipv6 gateways for external traffic is going to be the migration path of the future. I'm actually trying to turn my home network into ipv6 native internally, and setup an ipv6 to ipv4 gateway, so that all native ipv6 traffic goes out over the ipv6 tunnel, but everything else goes out of the proxy. It's..... challenging.

JDMurray

ChooseLife wrote: »

Well, there is no single authority in the world that can make such a push today. At the moment, businesses by and large have strong financial motive for keeping the existing IPv4 Internet, and are the core of "resisting power" to IPv6 adoption...

Actually, I think the "teeth" is China and the rest of the world that has been forced to already adopt IPv6 because Europe and the USA have "hogged" all the IPv4 addresses. The IPv6 countries have already moved into the 21st century and are leaving the rest of us and our tiny little address space behind.

ChooseLife

JDMurray wrote: »

Actually, I think the "teeth" is China and the rest of the world that has been forced to already adopt IPv6 because Europe and the USA have "hogged" all the IPv4 addresses. The IPv6 countries have already moved into the 21st century and are leaving the rest of us and our tiny little address space behind.

China is isolated enough to not be a driver for world-wide IPv6 adoption, whereas migration of most of USA would automatically force everyone else to follow the money and migrate as well. If the price to get out of the tiny little address space is high, there must enough RoI to motivate the commercial business to migrate, and right now there simply isn't. So they (we) are waiting.

Forsaken_GA

ChooseLife wrote: »

China is isolated enough to not be a driver for world-wide IPv6 adoption, whereas migration of most of USA would automatically force everyone else to follow the money and migrate as well. If the price to get out of the tiny little address space is high, there must enough RoI to motivate the commercial business to migrate, and right now there simply isn't. So they (we) are waiting.

I wouldn't be so quick to discount China, they're a force to be reckoned with in the global market.

But part of the point I think JD is trying to make, is that the economics of IP address space has forced other countries, in particular asian ones, to adopt ipv6 at a faster rate than us western bastards. We're going to have to go to it sooner or later, but chances are pretty good we'll be playing catch up when we do. That's not a good position to be in, especially with China on the cyber attack front. They've already identified things like what common mistakes might be made during a transition or new ipv6 rollout that can compromise security. Most of us haven't even begun to formulate a transition plan.

ChooseLife

Forsaken_GA wrote: »

I wouldn't be so quick to discount China, they're a force to be reckoned with in the global market.

But part of the point I think JD is trying to make, is that the economics of IP address space has forced other countries, in particular asian ones, to adopt ipv6 at a faster rate than us western bastards. We're going to have to go to it sooner or later, but chances are pretty good we'll be playing catch up when we do. That's not a good position to be in, especially with China on the cyber attack front. They've already identified things like what common mistakes might be made during a transition or new ipv6 rollout that can compromise security. Most of us haven't even begun to formulate a transition plan.

Understood and partially agreed. My view is that Internet in the western world today is governed by financial forces to a larger degree, and to lesser degree by political motives. Having said that, I tend to agree that likely the biggest impact on IPv6 adoption will be made by governments who will require IPv6 compliance for certain infrastructures by such-and-such dates. And then the commercial sector will follow, after some hesitation.

it_consultant

I don't understand any argument that says there is a financial reason NOT to move to IPv6, to me this represents a misunderstanding of the protocol and its implementation while completely ignoring the things that will make IPv6 more efficient and cost effective to use. It also ignores the fact that for a great while you will still be able to run "dual stack" networks. There will probably be a time where your legacy clients simply wont be able to access the public internet anymore. To use Forsaken's example, there is certainly more wrong with running an application on Windows 2000 SP1 where the developers are out of business then just the IPv6 compatibility.

This isn't going from token ring to ethernet, it is also not having to buy a bunch of new NIC cards or software updates. Your current infrastructure probably supports IPv6 if it was purchased in the last 4-5 years. The biggest challenge will surely be making sure MSSQL, Exchange, Oracle, and the other platforms work fine with IPv6, that is something we have little control over though.

ChooseLife

it_consultant wrote: »

I don't understand any argument that says there is a financial reason NOT to move to IPv6, to me this represents a misunderstanding of the protocol and its implementation while completely ignoring the things that will make IPv6 more efficient and cost effective to use. It also ignores the fact that for a great while you will still be able to run "dual stack" networks. There will probably be a time where your legacy clients simply wont be able to access the public internet anymore. To use Forsaken's example, there is certainly more wrong with running an application on Windows 2000 SP1 where the developers are out of business then just the IPv6 compatibility.

This isn't going from token ring to ethernet, it is also not having to buy a bunch of new NIC cards or software updates. Your current infrastructure probably supports IPv6 if it was purchased in the last 4-5 years. The biggest challenge will surely be making sure MSSQL, Exchange, Oracle, and the other platforms work fine with IPv6, that is something we have little control over though.

Did you try gauging how many man-hours it takes to migrate a medium sized production network from IPv4 to IPv6? Including SQL, Exchange, dynamic routing between sites, third-party and in-house developed products, revenue-generating services that must have minimal downtime, third-party component dependencies, to name the few? All of this work costs money.

Forsaken_GA

it_consultant wrote: »

This isn't going from token ring to ethernet, it is also not having to buy a bunch of new NIC cards or software updates. Your current infrastructure probably supports IPv6 if it was purchased in the last 4-5 years. The biggest challenge will surely be making sure MSSQL, Exchange, Oracle, and the other platforms work fine with IPv6, that is something we have little control over though.

Yup. I could deploy dual stack in about a month if management would let me. All but a few platforms support ipv6, and I want to trash those bastards anyway. Even though the company has no official ipv6 migration plan, we in networking have been developing it during our down cycles, so that when they do ask, we're ready to go.

The applications are the real problem. We have several that will have issues with ipv6, and they're going to require development man hours to get done.

I honestly believe we will not migrate to ipv6 until our customers start demanding it.

Forsaken_GA

ChooseLife wrote: »

Did you try gauging how many man-hours it takes to migrate a medium sized production network from IPv4 to IPv6? Including SQL, Exchange, dynamic routing between sites, third-party and in-house developed products, revenue-generating services that must have minimal downtime, third-party component dependencies, to name the few? All of this work costs money.

It's almost all opex though. It's already accounted for. If you've made your purchasing decisions wisely in your build out, the capex of the conversion is very low.

ehnde

MrRyte wrote: »

Astronomically higher as in about 340 trillion, trillion, trillion addresses.....
The TCP/IP Guide - IPv6 Address Size and Address Space

And when combined with NAT-oh boy....

I don't know if that number is correct or not, but it's easier to say undecillion. I found an error in a microsoft textbook claiming IPv6 provided 340 billion addresses. It's 340 undecillion. That's 340 with 36 zeros. Of course this is a rounded figure.

it_consultant

ChooseLife wrote: »

Did you try gauging how many man-hours it takes to migrate a medium sized production network from IPv4 to IPv6? Including SQL, Exchange, dynamic routing between sites, third-party and in-house developed products, revenue-generating services that must have minimal downtime, third-party component dependencies, to name the few? All of this work costs money.

I will use Exchange 2010 SP1 as an example, it supports IPv6:
IPv6 Support in Exchange 2007 SP1 and SP2: Exchange 2007 Help

SQL Supports IPv6:
Connecting Using IPv6

Sharepoint Supports IPv6:
IP support (SharePoint Server 2010)

That was one half a man hour right there. Dynamic routing, I have no idea what your infrastructure is so I wont comment on that except to say that routing doesn't really change in IPv6, it just takes a lot more key strokes (128 bit compared to 32) to put your network statements in the router.

Of course I am not suggesting that this will be the simplest thing in the world, I am suggesting that it is not nearly the show stopping mountain to climb over everyone is saying it is. The address space is a lot larger and the addressing is a little diferent, private and public networks are a little different, but its still a layer 3 address run primarily (for our concerns) over ethernet.

ChooseLife

it_consultant wrote: »

I will use Exchange 2010 SP1 as an example, it supports IPv6:
IPv6 Support in Exchange 2007 SP1 and SP2: Exchange 2007 Help

SQL Supports IPv6:
Connecting Using IPv6

Sharepoint Supports IPv6:
IP support (SharePoint Server 2010)

That was one half a man hour right there.

Gotta love IT consulting... Half a man-hour and 3 links is what it takes to migrate our Exchange, SQL and Sharepoint to IPv6.

it_consultant

And I addressed the compatibility concerns you specifically mentioned, impressive huh? Considering in most cases its a matter of ticking ON IPv6 (once you have your IPv6 infrastructure and your dual stack IPv4 for compatibility) and assigning static IPs and updating your AAAA dns records. Then do some regression testing just in case - exchange can be funky when run with IPv6 but I promise it is doable. How many man hours do you figure that will take? OSPF works just the same, like I stated before with just a few more keystrokes, so that shouldn't be too many man hours either.

Is it this mythical "cost" argument or is it that you don't want to learn a new addressing system? Be honest with everyone here; even 3 year old canon scan/copy/faxes support IPv6, are you seriously suggesting that SQL and the other platforms are going to fail to use IPv6 properly?

Make it real, how many man hours did you project this would take and at what cost. Assuming you would do the transition, aren't the man hours a straw man argument considering you would still be drawing you salary and just doing something else?

Forsaken_GA

it_consultant wrote: »

Make it real, how many man hours did you project this would take and at what cost. Assuming you would do the transition, aren't the man hours a straw man argument considering you would still be drawing you salary and just doing something else?

In our case, it's not the underlying infrastructure that's the problem, it's the applications that are built on top of it, and that will be the real hold up. For example, in order for us to adopt ipv6 fully, not only do we actually need to spend development time to change our applications, but we'd be required to change the database schema. That's not feasible on our live database servers, so we'd need to build out new db servers with a corrected schema, start inserting data into that instead, and then migrate all of the data from the old DB to the new one. Considering how large our databases are, the record conversion will take a very long time (on the order of weeks last I heard). So in addition to all the other work, we'd also need to code some glue to allow our customers to access all of the data in the old database while it was being migrated.

All told, that is not a trivial project. So yeah, while we could turn on ipv6 on the network and on the exchange server, et al, going fully ipv6, and being able to offer our product to our customers over ipv6, is a major undertaking. And right now, the customer demand for it isn't there, so it's not a priority.

But as I mentioned previously, the actual costs involved are pretty low. The only capex involved would be the purchase of new hardware in order to perform the migration, and an extension of the opex budget in order to support things like the new licenses required, the new ipv6 native circuits at each site, and so on (and I already negotiated an increase in our opex budget before the fiscal year began, I already have the money to bring up new circuits at need). All told, it would be a cheap project in expenditure terms, but potentially very expensive in revenue terms if it's screwed up at any point and it impacts our ability to deliver service to our customers.

it_consultant

By a wide margin the most challenging part of IPv6 is application compatibility. For example, most of my clients use EMR provided by some company, we have to wait for them to tell us when they are compatible. Until then we will have to use IPv4 in some way.