[6bone] came across this article any opinions??

Robert Honore robert@digi-data.com
Wed, 12 Mar 2003 14:31:24 -0400


Dear Darragh Kennedy,

That Network World commentator must have just been venting his or her
frustration with the slow arrival of universal IPv6 application support and
connectivity.  We shall see below.

Darragh Kennedy wrote:
> 
> I'll stick with IPv4 for now, thank you
> By CHUCK YOKE
> Network World, 03/13/00
> I don't get it. Maybe it's because I'm over 40 and the brain cells are
> dying, but there are many things happening today in the world of technology
> that I just don't understand.
> Take IPv6, for example. I just don't get it. Why in the world would I be
> interested in investing the time, money and effort it is going to take to
> convert my IPv4 networks to IPv6?

Maybe one should not just go and "convert your IPv4 networks to IPv6".  IPv6 was
designed from the outset to live side-by-side with IPv4 for as long as it takes
the customer to decide that an exclusive IPv6 network is the one that that
customer wants to operate.  No "forklift conversion" is either necessary or
desirable.

> At one time I was very interested in IPv6. It was going to solve many of my
> network problems. The extended address space would spare me from having to
> create and maintain a variable-length, bit-level subnet addressing scheme.

With IPv6 one would still be able to implement a variable-length, bit-level
subnet addressing scheme.  Only now with IPv6 it is no longer an absolute
necessity.

> The built-in authentication and security would let me sleep better at night,
> knowing that only secure and authenticated packets were entering my
> networks. The quality of service (QoS) would enable me to fully integrate my
> voice and data over IP.

All of the same network and engineering problems that existed with IPv4 that
IPv6 was to address still exist.  While the commentator's thinking and
subsequent actions are understandable, it is not necessarily true that those
were his only options to act.

> But then a crisis happened - I ran out of time. I needed IPv6 two years ago,
> and it wasn't there. And I couldn't wait any longer. So I did what everyone
> else in the world was doing: I integrated a variety of IPv4-based products
> and services into my network.

The main things that slow the universal adoption of IPv6 are the following.

 * Lack of availability of IPv6 service from many ISPs around the world.
 * Application support is nowhere near where it should be as yet.

Both of these things are, in a way, chicken-and-egg problems.  You see, the ISPs
and application providers feel they should not invest in building IPv6 support
without the requisite customer demand, while the customers feel that they cannot
adopt IPv6 without the requisite availability of IPv6-aware applications and
IPv6 capability.  It is not that it is very hard to do either, for if the
application providers adhere to the new Sockets specification in writing their
applications, it is possible to deliver IPv6-ready applications without a large
amount of major modifications to the existing code base.  In the case of the
ISPs, I am reasonably sure that wherever the ISPs have implemented some level of
IPv6 connectivity, there have been customers (possibly early adopters
admittedly) who were only too eager to jump in whole-heartedly.

> My address needs were met by migrating my network to an RFC 1918-compliant
> unregistered IP address.

My question to the commentator in response to the above statement would be "Are
you really comfortable with what you have implemented as a solution, or are you
just living with it because you do not really imagine something better could be
available?"  

> I now have IP addresses galore and can use a very
> simplistic subnet-masking scheme to segment and identify my networks by
> building and floor. My network technicians can tell from the second and
> third octet exactly where a device is located.

It is still possible to do this with IPv6, probably too much so, since the
currently proposed addressing schemes allow you to allocate as many as 64 bits
of address to the node, and the site itself can get as many as 16 of the
remaining bits as site identifier bits.

> For security, I chose a firewall with features that, when combined with the
> appropriate access control lists, ensure the integrity of both incoming and
> outgoing transmissions.

IPv6 was never intended to eliminate the need for firewalls, though it would
probably radically change the way firewalls are built, deployed and used.  IPv6
was created primarily to deal with the availability of IP addresses issue, while
still maintaining the end-to-end model that originally motivated the creation of
IPv4, and which IPv4 can no longer maintain, especially with the use of RFC1918
addresses and NAT.  Firewalls can never maintain the integrity of both incoming
and outgoing transmissions.  That is the job of the end-nodes.  All that a
firewall can do (and some would argue that they do not do that too well) is to
ensure that the traffic that is forwarded through the firewall is in some
loose compliance with some usually poorly specified policy.

> I implemented a combination of Remote Authentication
> Dial-In User Service and Challenge Handshake Authentication Protocol to
> ensure that local, Internet-based and remote dial-in connections are granted
> only to authenticated users with the appropriate access levels. And for
> encrypting sensitive documents and files, I implemented PGP - inexpensive,
> easy and best of all, it works!

IPv6, while it can implement all of these things itself, was never meant (at
least in my view) to eliminate or replace these things.  It can significantly
augment them, though.

> My QoS needs were met by a combination of bigger pipes and faster equipment.
> 100Base-T and 1000Base-T Ethernet give me more than enough bandwidth, and
> the advances in Application Specific Integrated Circuit technology ensure
> that packet serialization delay is kept to a minimum. For the more stringent
> QoS I may need in the coming years, I have a plethora of IPv4-based choices,
> including policy-based networking, Differentiated Services, TCP rate shaping
> and the old standby, ATM.

Admittedly, IPv6 has come up short (again in my view) in this respect.  Pending
the completion of the standard specification of the treatment of the IPv6
flow-label field and the integration of that with the networking hardware, we
might never have true QoS built into IPv6 if the flow-label thing is the only
way it can be done (again, just my opinion).

> So here I am, manager of an IPv4-based network that works fine, is addressed
> in a logical and easy-to-maintain manner, is secure, and integrates my voice
> and data. I just don't see any need to convert my functional IPv4 network to
> IPv6.

There probably really is no need for you to convert your IPv4 network to IPv6. 
Although, with your usage of RFC1918 addressing and NAT, you are on a rapid
collision course with the end-to-end problem.

Yours sincerely,
Robert Honore.
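
Added example, not part of the original message: the building-and-floor addressing scheme discussed above, carried over to the 16 site-assignable bits of an IPv6 /48, so that an address seen in a firewall or flow log can be mapped back to a location. The site prefix (taken from the 2001:db8::/32 documentation range), the 8-bit/8-bit building/floor split and the function names are assumptions made for illustration.

```python
import ipaddress

# Assumed site prefix: a /48 carved from the 2001:db8::/32 documentation range.
SITE = ipaddress.ip_network("2001:db8:1234::/48")


def subnet_for(building, floor, site=SITE):
    """Return the /64 whose 16-bit subnet ID is building (high 8 bits) | floor (low 8 bits)."""
    if site.version != 6 or site.prefixlen != 48:
        raise ValueError("expected an IPv6 /48 site prefix")
    if not (0 <= building <= 0xFF and 0 <= floor <= 0xFF):
        raise ValueError("building and floor must each fit in 8 bits")
    subnet_id = (building << 8) | floor
    # The subnet ID occupies bits 64..79, directly above the 64-bit node part.
    base = int(site.network_address) | (subnet_id << 64)
    return ipaddress.IPv6Network((base, 64))


def locate(addr, site=SITE):
    """Recover (building, floor) from an address, or None if it is outside the site."""
    ip = ipaddress.ip_address(addr)
    if ip.version != 6 or ip not in site:
        return None  # IPv4 or foreign prefix: the scheme says nothing about it
    subnet_id = (int(ip) >> 64) & 0xFFFF
    return subnet_id >> 8, subnet_id & 0xFF


if __name__ == "__main__":
    print(subnet_for(3, 12))
    # Constructed sample addresses, as they might appear in a log.
    for sample in ("2001:db8:1234:30c:211:22ff:fe33:4455",
                   "2001:db8:ffff:30c::1",
                   "10.3.12.7"):
        print(sample, "->", locate(sample))
```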