In the IETF 99 V6 Operations working group, I saw a very interesting Microsoft corporate (internal) network presentation on their work on an IPv6-only network. This was “Turning IPv4 off in an enterprise network” delivered by Marcus Keane, the company’s Principal Network Engineer.
Read about what is driving Microsoft’s push to IPv6-only.
Microsoft is a huge enterprise. It has anywhere up to 800 distinct locations, complex routing, and an obvious interest in ensuring its network is viable long term.
But then we have the knowledge that Microsoft also cares that the products they develop work on IPv6, so they not only want to run a good network pragmatically, but need to ensure their network can be used to test and develop the core products that depend on it: the Microsoft product suites.
With up to 1.2 million devices, the technology choices they make have a large impact. So, what have they been doing?
Firstly, they have come to a view that dual-stack (IPv4 and IPv6) networks are more costly to operate, more complex, and are more error-prone long-term. They want to go to IPv6-only. This was a very overt goal — they have no interest in long-term maintenance of a legacy IPv4 network, which is already so big that the use of private (RFC1918) networks requires internal NAT to bridge subnets using the same address space.
Their tests have been quite extensive, and they have IPv6 almost everywhere, with dual-stack in many places but also with emerging spaces of IPv6-only — some for tests, some operationally deployed — and have exposed issues of significance to us all. For example, the shortage of VPN products that can work in an IPv6-only network. A recent trade show event with a Microsoft-backed network showed that only two people there could effectively use their corporate VPN product. We have to fix that.
The other key message was that multi-homing IPv6 exposes more complexity than one would want: how to effectively manage which source address is used to drive which exit route is chosen, how to manage each subnet delivering a different domain and DNS and router option.
Microsoft is interested, as an enterprise network user, in standards that make this situation more usable, more tractable for ordinary network consumers in the enterprise space.
This was a really useful, encouraging story about taking a network of scale and moving it to dual-stack safely, with a roadmap to IPv6-only on the table. We sometimes like to point to enterprise networks as slow adopters of IPv6 (the statistics show that most IPv6 is domestic, and cellular network usage in the US now) and Microsoft-bashing has been a ‘thing’ for a while.
But I believe this is a time we can’t bash Microsoft; I think we need to give them due respect for doing a huge amount of work to ensure both that the fundamental models of enterprise networks can (and do) work IPv6-only, and that their products work over IPv6.
The views expressed by the authors of this blog are their own and do not necessarily reflect the views of APNIC. Please note a Code of Conduct applies to this blog.