My role as a Cisco Live speaker requires me to travel a lot. It’s something I really enjoy doing, especially when I get to meet new people who are passionate about networking.
As people get to know me, they soon realize that I’m somewhat of an IPv6 ‘fan-girl’. When the topic (inevitably) comes up in conversation, many people who aren’t as ‘passionate’ as I will ask “Nobody uses IPv6, do they?”.
The #ipv6 wizard #CLEUR #CiscoSE pic.twitter.com/qMrghJDLy0
— Nicole Wajer (@vlinder_nl) January 31, 2018
I’m sure there are many of you who’ve heard something similar in conversation, and although it is difficult to convince these people that IPv6 is being deployed by more and more organizations — especially when adoption rates have been so slow in its 20-year existence thus far — these instances do at least provide me the opportunity to get them thinking about the topic again and share what great work has been done in the space recently.
Read: IPv6 deployment success stories in the Asia Pacific
Encouragingly, this work — by all us IPv6 fans — seems to be paying off, at least for our Cisco Live IPv6 sessions, in which we’ve seen an increase in the number of attendees over the last few years. Below are a few insights that I’ve noted from these sessions recently, and my tips for getting started with IPv6.
There are no shortcuts to IPv6
Many in our sessions are eager to deploy IPv6, but struggle with the ‘everything is bigger’ mentality. Ideally, they are looking for ways to make IPv6 easier to incorporate in their current network.
Unfortunately, there are no shortcuts, or one-size-fits all process to deploying IPv6 — it requires time, effort, and upgrades.
Inevitably all of these require some capital outlay, which leads to a second roadblock that many people offer to deploying IPv6: management not seeing the added benefit of deploying IPv6.
What is the business case for IPv6?
In management’s mind, IPv6 is a costly upgrade to a technology/protocol that isn’t broken. As such, a standard question that audience members have is “How do I provide a business case for management?”.
Read: Blockers to IPv6 adoption
Again, there is no one-size fits all business case that we can offer. What I suggest though, is that people try to find benefits that appeal to their managers.
For example, if security is important in your organization (it should be for EVERY organization!), discuss with them how running dual-stack provides better visibility and less false positives than using Network Address Translation (NAT). If it’s a question of money, explain to management the costs associated with continually upgrading NAT. If it’s a question of sustainable expansion of your network, explain the issue of IPv4 depletion and issues (again) with NATs and/or acquiring and incorporating addresses from the transfer market.
Where do I start?
Another question we get with another no one-size-fits all answer. I can go on for hours answering this question (and sometimes I do) but the following steps are a good beginning:
- Learn IPv6 basics NOW! It’s not that difficult but some of the techniques you have learned in the past, for example, subnetting, you’ll have to let go of.
- Investigate if all your gear and applications in your network are capable of running dual-stack? If you have recently refreshed your network this shouldn’t be an issue.
- Start asking your providers and application developers if they support IPv6
Another approach could be when you are refreshing your network devices to turn on both address families to make it a joint effort — this is how Cisco did it many years ago (we’ve now migrated to dual-stack) and I can guarantee it will help with the transition.
Read: 10-step plan to IPv6
The above points are just a start but with a little time and effort, you’ll be on the road to sunsetting your legacy protocol.
MTE talk to me about #ipv6 #CLMel #CiscoSE pic.twitter.com/VNybRfdUf0
— Nicole Wajer (@vlinder_nl) March 9, 2018
Nicole Wajer is a Technical Solutions Architect at Cisco. She has a global role for the security part of SDA (Software Defined Access) in the Enterprise Networking team.
The views expressed by the authors of this blog are their own and do not necessarily reflect the views of APNIC. Please note a Code of Conduct applies to this blog.
I hate to introduce a topic off track from the main theme of your article. However, the IPv4 address shortage issues have been resolved. We came upon a scheme that can expand each public IPv4 address by 256M (Million) fold without affecting the current Internet. A proposal called EzIP (phonetic for Easy IPv4) has been submitted to IETF:
https://tools.ietf.org/html/draft-chen-ati-adaptive-ipv4-address-space-03
Essentially, EzIP can establish a sub-Internet capable of serving an area with up to 256M IoTs from just one IPv4 address. This is bigger than the largest city (Tokyo metro) and 75% of the countries. This can realize the CIR (Country-based Internet Registry) model proposed by ITU a few years ago stealthily without setting up a CIR organization. If a government is not interested in this resources, private enterprises can make use of it to provide “local” Internet service in parallel to the current “global” Internet services, very much like the Independent telephone companies in the PSTN industry.
The current Internet then becomes the backbone / infrastructure / skeleton for interconnecting these sub-Internets, yet only for carrying inter sub-Internet traffic, very similar as the electric grid supporting islands of renewable energy generated by individual homes and businesses. Consequently, there will be a lot of spare IPv4 addresses for quite sometime to come.
Then, much of the efforts in deploying IPv6 are no longer needed.
Thoughts and comments will be much appreciated.
Abe (2018-09-06 19:20)
Yeah that’s dumb. Use IPv6.
Hi, Kenyon:
I was expecting constructive criticism.
Let’s have intelligent conversation based on logic to avoid wasting colleague’s valuable time.
Thank you.
Abe (2018-09-08 15:10)
I am sorry Abraham,
There is no constructive criticism possible. You wasted already my valuable time. The conclusion of Kenyon is correct.
You are from India, the land with the highest IPv6 penetration,and you try to reinvent IPv4 with shifted bit priorities.
Please invest your time in deploying IPv6. It is better for you and the mankind.
Thomas
Hi, Thomas:
1) “You wasted already my valuable time.”: Here is a true “back to the future” case. Put yourself in Year 1982. If relying only on RFC791 and 240/4 address block (both were set in 1981) was good enough to resolve the main trigger for the need for IPv6 even back then, What was the purpose of all these IPv6 development and deployment efforts? Then, who is wasting whose time?
2) “You are from India …. “: Resorting to racial slurs only degenerates a technical discussion forum, besides degrading yourself. Let’s stay clear of it.
3) To put out some meat out so that you may be encouraged to sink your teeth into it, EzIP has been in reviews at pretty high levels of the Internet related organizations for awhile. So far, I am still waiting for someone to shot a hole in it (so that they will not waste their time further). Please try to be the first one to do so, instead of vague statements. (Hint: You may want to check out the LinkedIn profiles of the coauthors of the EzIP Draft.)
Thanks,
Abe (2018-09-08 20:37)
Stating a fact isn’t a racial slur mate, he’s pointing out the fact that you’re from India, a country with the highest IPv6 penetration.
Hi, NATfetish:
1) “… the fact that you’re from India… “: How did he figure this out? And, based on what information that you would find it being a fact? The fact is that I am not from India! If you even can not guess the obvious from my name, you are not qualified to do so.
Thanks,
Abe (2018-09-08 21:35)
I’m from Germany. We(except Belgium and Greece) have the highest IPv6 penetration in Europe, at least in absolute figures.
So I’m closer to the Indian IPv6 optimists than Abraham.
Abraham you still ignore, that 32bit are only 32bit, independent of some unused/wasted bits. You break end to end connectivity. The effects of your idea do not justify the efforts.
Please accept IPv4 is outbid.
IPv6 is taking off. Attention: worldwide! (ARIN, AfriNIC, RIPE NCC, APNIC, LACNIC) at the moment with different levels of success, but this is no racism, this more a peaceful contest. The reward will be a better internet for all.
Sorry for misunderstanding your address
A. Y. Chent
R. R. Ati
Avinta Communications, Inc.
A. Karandikar
India Institute of Technology
Independent of that(mentioning India was thought as motivation to see that IPv6 has already won) technically is your proposal bad, despite some reviews.
So I am also very disappointed from the ietf to publish such rubbish.
Hi, Thomas:
0) Somehow, my reply to this series of your Comments got lost in the posting process. Let me try touching the main topics one more time.
1) ” that 32bit are only 32bit, independent of some unused/wasted bits. You break end to end connectivity. “: It looks that you probably missed the gist of the EzIP idea. It provides end-to-end connectivity because it is just a basic router. As to the “32 bit” aspect, please review paragraph 5. C. of the EzIP draft. The analysis leads to 1BBBB assignable public IPv4 addresses which is close to (256th of) that promised by IPv6.
2) “despite some reviews. .. ietf to publish such rubbish. “: You probably do not understand the IETF documentation process. EzIP is just a draft submitted to IETF website which facilitates public discussion. It is not published by IETF in any sense. And, the initial reactions of the reviewers were negative, although expressed in very diplomatic manner. They have not come back with a statement to reject the idea, probably because they realized that the EzIP may be deployed stealthily, regardless of objection or more.
Let me know if I missed responding to any of your points.
Thanks,
Abe (2018-09-09 10:10)
“reviews at pretty high levels of the Internet related organizations…You may want to check out the LinkedIn profiles of the coauthors of the EzIP Draft.”
What do you try to say with that?
Should I get impressed by persons or by their work?
It doesn’t make the work better.
And to remember, you occupied a pro IPv6-posting with an off topic IPv4-revival.
Hi, Thomas:
1) “I’m from Germany. …. closer to the Indian IPv6 optimists “: My name is Jewish. But, I am from China. However, you will find Chen in Israel. The rumor being that one branch of the Cohens lost the “o” in their name and became the Chen family. Here is a regularly updated world statistics on IPv6 readiness. A picture is worth one thousand words. So that we do not need to make a topic out of this.
https://stats.labs.apnic.net/ipv6
2) “that 32bit are only 32bit, independent of some unused/wasted bits. You break end to end connectivity.”: It sounds to me that you have not gotten the gist out of the EzIP. In particular, do you know how PABX extends the PSTN phone numbers to make the overall number longer? As described in Paragraph 5. C. of the EzIP Draft, evenly dividing the 32 bit IPv4 address pool to four parts, EzIP can make 1BBBB public address available for assignment with end-to-end connectivity, which is pretty close to (256th of) that promised by IPv6. This is a simple math, not magic. Please have a look at it.
3) “IPv6 is taking off. Attention: worldwide! … with different levels of success,”: Here is another regularly updated world statistics. It is quite surprising. You may have trouble to read it at the first glance.
https://ams-ix.net/technical/statistics/sflow-stats/ether-type
4) “Independent of that (mentioning India was thought as motivation to see that IPv6 has already won) “: Please check the credential of one of our coauthors, A. Karandikar of IIT-K on LinkedIn. He asked to be a coauthor right after reading an earlier version of the EzIP Draft.
5) “technically is your proposal bad, despite some reviews. So I am also very disappointed from the ietf to publish such rubbish.”: You probably do not understand the IETF documentation process. EzIP is just a draft posted on IETF website as a service for facilitating public discussion. It is not “published” in any sense. And, those reviewers are more inclined to reject the EzIP idea at the beginning. But, so far they have not. I believe that the reason is that the EzIP may be deployed stealthily, regardless of objections or rejections. Again, instead of vague general comments, please shot a couple holes with substance in this EzIP proposal which is only based on “RFC791 and 240/4 address block”.
Thanks,
Abe (2018-09-09 09:38)
Hi, Thomas:
1) “Should I get impressed by persons or by their work? “: I cannot disclose the identity of those who are reviewing the EzIP. However, their initial reaction to EzIP was also negative, but expressed diplomatically. But, they have not come back with a solid reason for rejection which will save their time chewing on this idea.
2) “you occupied a pro IPv6-posting with an off topic IPv4-revival.”: This is preciously the point. So that you can see other parts of the future.
Thanks,
Abe (2018-09-09 09:48)
“discuss with them how running dual-stack provides better visibility and less false positives than using Network Address Translation (NAT)” – this is an incorrect statement which stems from the lack of operational experience. Dual-stack does not relieve pressure on IPv4 in any way, the existing NATs in a network will remain and will likely grow in complexity (more NATs) until you remove IPv4 from your network completely and go IPv6-only. Only then, you will get rid of the duct tape that is holding your network together (= NAT). However, dual stack is a good way to get exprience with IPv6 and to be comfortable with it in the network. Better visibility in the network is possible only with one protocol and clear end-to-end path.
Also, if you understand how your company operates on the Internet where IPv6 is constantly (even though slowly) growing, you will understand how to put a business case for IPv6 together. It only requires time and effort.
Hi, Veronika:
0) Thank you very much for your candid characterization of the IPv6. Your description helps me beginning to see through some of the smoke screens.
1) If you could, I would love to hear your critiques on the EzIP proposal to IETF mentioned in my Comment at the beginning of this discussion. Since EzIP is an unorthodox approach, much verbiage is used in its description. In essence, it is a scheme that makes use of only the original IPv4 Standard RFC791 and the long-Reserved 240/4 address block to expand an IPv4 public address by 256M (Million) fold without affecting the current Internet setup. Each of such implementation island / cluster appears to be just an ordinary IoT to the overall Internet. The implication is scarily exciting. We are concerned whether there is any basic flaw in it. I would appreciate very much if you could give your reactions and thoughts.
Regards,
Abe (2018-09-10 09:06)
Dear Colleagues:
You may like to have a look at the feasibility demonstration report below.
https://www.avinta.com/phoenix-1/home/RegionalAreaNetworkArchitecture.pdf
It should provide some material for furthering the dialog.
Abe (2020-08-29 12:26 EDT)
Still dumb, still just use IPv6.
Hi, Kenyon:
1) “dumb”: I believe that we should be a little bit more in-depth / specific than just this superficial adjective..
2) By the way, did you review the cited material, such as the discussion thread below?
http://www.circleid.com/posts/20190529_digging_into_ipv6_traffic_to_google_is_28_percent_deployment_limit/
Abe (2020-08-29 19:00 EDT)