A strong case for IPv6
August 12, 2009
I’ll let you know up front that I’m writing this blog entry for a subset of my readers.
There are those of you who are already running IPv6 network stacks, either internally or externally facing. This wasn’t really written for you, though I hope you’ll continue to read it, and provide feedback with your thoughts.
There are people who administer small networks that have little to no complex dealings with the internet. That is, you don’t provide internet facing services, or if you do, they’re relatively trivial. I’m not writing this for you either, because access-only internet will no doubt have a turn-key solution to enable your IPv6 internet access, and it will require next to no interaction on your part. Chances are great that it’ll be much easier than the transition to digital television broadcasts has been. Frankly, it’s probably going to be a long time before these solutions are necessary, or even available. That being said, if you have to know IPv4 for your job, it behooves you to learn IPv6. It’s more complex, but not completely dissimilar, and there are a number of good resources to help you on your way.
For the other people who are reading this, particularly those who currently believe that implementing IPv6 is a waste of time and resources, I want to share an epiphany that I had yesterday, and I would like to hear your opinions.
For those of you who are unaware of the problem, let me give a brief summary. IPv4 addresses are being assigned as they are needed, but the number of free available address blocks is dwindling. As of April, only 10% were still unused. Current estimates are pointing to the 2nd quarter of 2012 as when the last IP block will be assigned.
There are a lot of the dire predictions about this, and from reading some sensationalist reports, you would think that allocated IP blocks were going to dry up and blow away, leaving nothing but wreckage and crying admins in their wake.
Lets set that record straight. Nothing of the sort will happen. Out of just over 4.2 billion possible addresses, 3.7 billion are usable, and those aren’t going away just because we’re out extras. Every one of those IPs will still be on the internet, and will work just fine. I’m willing to bet good money that even after the “official” end of the available addresses, large ISPs will be happy to sell existing customers blocks of IPs that they’ve been sitting on (for an exorbitant fee, of course). Just because we’re out of free blocks doesn’t mean companies stop growing, and customers with IPv4 infrastructures will need more IPs. Providers know this and have planned for it.
So no, it’s not going to be the end of the internet, and your access won’t go away just because ARIN doesn’t have anything left to sell to Verizon. Here is what is going to happen, though…
Those IP blocks that companies have been sitting on are going to come at a premium, because there is a direct correlation between supply and demand. Established entities are probably going to have first dibs, and even if they don’t, it’s going to be easier and cheaper for providers to distribute new IPv6 addresses to entities just coming online. Again, almost no one reading this will be directly affected.
I urge you to correlate the timing of this depletion with the rise of emerging markets around the world. Large sections of the world that have been technologically dormant are quickly becoming players on the international stage. With that rise in sophistication will come a major need for internet access, and IP blocks reserved by providers will not cover the vacuum. These new nodes will come online with IPv6 addresses.
Again, this doesn’t directly affect you. Unless, of course, you want to do business with them. Will your salespeople traveling in foreign countries be able to communicate with your VPN concentrators, which are only IPv4-based? Will your potential clients even be able to visit your website?
I work for a financial services company. Right now, a great deal of our clients are in the United States and Europe, but we’ve got clients throughout the world, and nearly unlimited potential clients who, very shortly, will only be online with IPv6. It would be irresponsible of us to dismiss it as an unnecessary technology, or as only a “cost center” or a “waste of money”. It’s going to be the way we earn our future paychecks. If your organization wants to do business with emerging markets, then you and I are in the same boat.
I’ve allocated a significant amount of time for testing and roll-out before my network is 100% IPv6 with dual-stack external access (because again, IPv4 isn’t going anywhere soon).
If you are going to be relying on clients in the new markets, then I suggest that you start planning your upgrade now, because this connectivity is going to be vital to your company’s financial future.
Posted in General
Email me
content rss
August 12th, 2009 at 9:29 am
Whilst I fully apreciate the need for ip6, hasn’t nat made it less urgant?
It may sound a bit fruity, but isn’t it better for public facing ips to be v6 and private v4?
I’m just a bit aprehensive about everything having a routable address
and as an asside, as long as people have v4 only hardware that still works, I don’t think the uptake on v6 will be that big.
Personaly I find it hard enough to remember what kit is on a single 10. segment, I think my head would pop if i had to go v6
August 12th, 2009 at 9:54 am
@Chewy fruit loop
NAT has made it less urgent for existing IPv4 people, because you and I aren’t going to have trouble getting new addresses anytime soon. The people that are going to be coming onto the internet that we want to do business with, however, are going to be IPv6. There just aren’t going to be available ARIN blocks to give them, and providers will be selling their “stored” blocks to the highest bidder, which won’t be mass-market Asia or Africa.
In terms of the “everything is routable”, I felt exactly the same way, until I sat down and read an IPv6 book. As it turns out, there is a class of IPv6 address called the “site local” address.
Here’s the definition from http://publib.boulder.ibm.com/infocenter/zvm/v5r4/index.jsp?topic=/com.ibm.zvm.v54.kijl0/hcsk7b3014.htm
“Site-local addresses are designed to be used for addressing inside of a site without the need for a global prefix. A site-local address cannot be reached from another site. A site-local address is not automatically assigned to a node. It must be assigned using automatic or manual configuration.”
So essentially, it works almost exactly like an RFC 1918 address.
And I agree, there is a lot of hardware out there that is only IPv4 compliant. Some things are IPv6 compliant only if you purchase expensive upgrades. Things like this is why I am planning 2 years in advance. I need to identify what it is in my infrastructure that won’t work with IPv6, and I need to replace it, because I want to do business with the couple-of-billion-people that will be coming online in the next 5-10 years.
And yeah, remembering IPv6 addresses is going to be tough. Really tough. Fortunately, there are a couple of shortcuts. You can take the longest string of zeros and abbreviate it to ::, so the loopback IP (which in v4 is 127.0.0.1) which is actually 0:0:0:0:0:0:0:1 becomes ::1. It doesn’t instantly make it easy, but it does make it better.
If you’re looking for a great book to help, check out IPv6 Essentials
. It helped change my view of IPv6 from an indecipherable mass of numbers into something that actually makes sense.
And if you have any questions, please let me know. I might not know the answers, but if I don’t, I can help you find out, and then we’ll both know!
August 12th, 2009 at 1:03 pm
Site-local addresses are deprecated with RFC 3879 as you’re supposed to use a unique local address (ULA).
I take IPv6 quite seriously myself, but trying to get support from upstream is close to impossible. Most ISPs tend to say that they have no current plans to support it, same with co-location and dedicated server hosts. I can always use a tunnel, but I can’t really provide a quality service to anyone, the free tunnels are always a best effort service and 6to4 might not be reliable for everyone.
August 12th, 2009 at 1:09 pm
@Alex – You make a good point, but many of them are working on it, and as more people express interest, more pressure will be put on them to advance and support it.
Thanks for the comment, both of you!
August 12th, 2009 at 1:23 pm
Nice post. It echos several of the sentiments that I’ve made at my blog. The notion that the Internet will break the day after the RIRs run out of IPv4 addresses is clearly false, but it will become increasingly difficult and more expensive for new entrants to join the market. It could become impossible in other regions, such as APNIC, due to high demand.
Consider that by 2012, China will have more people online than the entire population of the US. The Chinese research and education network, CERNET2, is already natively using IPv6 because they couldn’t get enough IPv4 addresses. I think many Americans aren’t aware of the acute need for IPv4 addresses in other parts of the world.
Regarding equipment support, the situation certain could be better, but you can do a lot now. We’ve just completed an internal IPv6 readiness audit at my institution. We found a couple big blockers (such as lack of IPv6 support in Cisco ASA firewalls when configured in redundant mode), but we also found a very large set of services that can be IPv6 enabled very easily (Kerberos, AD, email, DNS, etc).
August 12th, 2009 at 1:27 pm
@Derek
Thanks for reading the post, and thanks for the feedback. I have read where a lot of current Cisco OSes have trouble, and that the new IPv6 upgrades are going to be expensive. Hopefully they’ll come to their senses, but we’ll see.
It’s great that you’re doing those sort of audits. How long is your timeframe before you plan on starting the rollout?
August 12th, 2009 at 1:28 pm
Alex,
Have a look at slide 22 from this presentation – http://www.netnod.se/presentations/netnodevent0902/20090216-netnod-ipv6peering-levy.pdf. Keep beating up on your providers to add IPv6 support!
August 12th, 2009 at 1:32 pm
Matt,
Certain version of IOS have IPv6 bugs, and Cisco used to charge more for IPv6 support (they used to require customers to buy the Advanced IP Services feature pack). As of last fall, Cisco no longer charges extra for IPv6 — IPv6 support is in the IP Base image. They are rolling this support out across all of the IOS release trains, starting last fall. Currently, the SX, SE, and SG trains (as well as IOS-XR and NX-OS) have IPv6 support for free.
See http://www.personal.psu.edu/dvm105/blogs/ipv6/2009/03/ciscos-ipv6-release-schedule.html for more information.
August 12th, 2009 at 1:39 pm
And that shows how far behind the times I am :-) Thanks for the link!
August 12th, 2009 at 1:51 pm
Matt,
We started out IPv6 experiments in 2003, with tunnels (at that time IPv6 was only available to a handful of internal, test networks). In 2005, we obtained native IPv6 connectivity from our ISP (Internet2, in our case). In 2006, we obtained our own /32 from ARIN. We also began upgrading routers on our backbone network to support IPv6 in hardware; this was completed in 2008.
We’ve begun offering native IPv6 to our internal units. We’ve engaged our security group to upgrade the intrusion detection, vulnerability scanning, and firewall equipment to support IPv6. Mostly, this was painless (with the exception of the ASAs in redundant mode that I noted in an earlier comment).
We’ve found that if you start early and make IPv6 part of your equipment lifecycling and acquisition plans, that you can get quite a bit of IPv6 support without additional costs. There is certainly still a lot more to be done (particularly regarding load balancers), and we’re “working with” our vendors to get support.
August 12th, 2009 at 2:13 pm
thankfully i only admin our site, the network is corporate IT’s job :)
…having said that they seem to have managed to do something to the dns so the entire network collapses when the main server goes offline.. :s
August 12th, 2009 at 2:50 pm
@chewy
Ouch. That’s…unfortunate! Good luck!
August 12th, 2009 at 3:33 pm
As I’ve stated a few other places, we actually USE v4 addresses on our normal networks and don’t hide behind a NAT gateway. This is because we’re a higher ed, and asked for our allocation back when they were giving the likes of us Class B networks. So that’s what we have. Our Telecom people haven’t mentioned IPv6 recently, and the last time I asked I was reminded we have a freaking class B and starvation isn’t an issue for us. We still have unused /24′s.
That said, your point about our marketability is well taken. Being a university on the Pacific Rim, we get a fair number of Asian students. As that’s the market that’ll end up with much higher v6 uptake than around here, having out main web presence be available through pure v6 will become increasingly urgent. As we self host our main web presence, this will mean either v6 in the router core or a 6to4 gateway on the right subnets.
I know I’d like to see it, but I don’t know of a technical reason we need to put in the effort. Our main ISP has IPv6 support, but I can’t tell if our backup provider does.
August 12th, 2009 at 3:55 pm
@sysadmin1138
I can readily imagine that with an entire class B, you wouldn’t be in any hurry to implement it in the near future, since you’re certainly not going to run out of IPs.
As for your external access, unless something drastic changes, it’s pretty easy to setup a simple teredo IPv6 tunnel as a temporary solution. Solutions like that would seem more appealing the larger the back-end infrastructure you have. The logistics of swapping an entire class B full of devices is…unappealing.
Thanks for stopping by, and for the comment!
August 12th, 2009 at 4:37 pm
It’s not just about if you’re running low on IPv4 addresses. There might be people who only have IPv6 (or who have much better performance over IPv6) trying to connect to your resources. Likewise, users at your institution might be trying to connect to remote users or resources which are best accessed over IPv6. This will most likely be true for users outside of the ARIN and RIPE regions.
The other issue with the “we’ll wait until we absolutely need IPv6 to being deploying it” approach is that it takes a long time to get your network and basic services IPv6-enabled. Each individual device is usually pretty easy, but there are a lot of pieces that have to come together to make a usable services that has the same level of support as your IPv4 network.
At Penn State, we’re certainly not done with our IPv6 rollout. We started a few years ago. Because of that, we can do native IPv6 all the way from the desktop to the national R&E network. It took us a couple of years to get there.
August 12th, 2009 at 9:49 pm
There is no real business justification to move to IPv6 and you don’t provide any in your note. None of our customers care and we do business in every country in the world. If you are in the academic space than its a different story. But in the commercial space unless IPv6 shows clear benefits to the bottom line to justify its cost – its not going to happen.
I’ve also heard the sky is falling stories about IPv4 address allocation for over ten years so that doesn’t come close to swaying me.
August 12th, 2009 at 10:59 pm
@Yoshi –
It’s actually been for the last 15 years you’ve been hearing about IPv4 free pool running out… but that was because we knew in 1992 that we had about 20 years left. This led to the deployment of CIDR-based assignment and IPng (now called IPv6). The fact that you’ve been hearing about it so long doesn’t make it any less true. We now have approximately 2 years left, and then ARIN will no longer be able to give ISPs additional IP addresses. Yes, it is true that there is address space not being used, and these will quickly get to where they are needed, so we’ll actually have another year or so after that where things still work. In the end, though, the ISP community will have to move to IPv6 or stop growing. You don’t need to add IPv6 to external web and email server; you can stay as-is. As the Internet grows with IPv6, you’ll have connectivity to the subset that just IPv4 connected.
August 13th, 2009 at 8:07 am
@Yoshi
Hey, thanks for dropping the comment. I know that you disagree, and that’s fine. But before you dismiss what I say, think about this. Right now, you’ve got worldwide clients. That means you want to continue that trend, right?
What I said about the world expanding into IPv6 is correct, though. All of your clients that are IPv4 are going to stay IPv4 for a while. Potential new clients will be coming online with IPv6 starting in a couple of years, and if you want to be in the best possible position to get their business, you’re going to want to migrate to IPv6.
In all likelihood, there will be an entire series of anycast gateways to route a certain prefix to the IPv4 world, so that IPv6-enabled clients will be able to reach you, but there’s no reason to rely on something like that when you could start planning now, since the change is inevitable eventually.
@John
Thanks for dropping by, and for the comment. I think it’s safe to say that I agree with your arguments :-) Out of curiosity, how did someone from ARIN happen to find my blog?
August 13th, 2009 at 10:47 am
I struck me this morning over my tea that one of the reasons we’re staying off of IPv6 is one you and others upthread brought up, inertia. It takes time to learn about how IPv6 works and what all needs doing to make it work out. I know our Microsoft DNS servers can do v6, but the BIND servers we use for primary DNS everywhere I’m not so sure of and aren’t my servers anyway.
Because of that class B I mentioned, we frequently say things like, “the 248 subnet,” when talking about our networks, mentioning the third octet in the v4 address of that network. It also happens to be the VLAN number. Something like that isn’t directly translatable in a v6 world. It’s little things like that which can prevent a conversion project from getting off the ground.
August 13th, 2009 at 10:55 am
I think you’re right, it can be a big change in mindset, but some of the things can translate with a little bit of effort. From what Derek was saying, it’s been a two year transition at Penn State. They’ve probably got a bigger infrastructure than most of us, but they’ve got a lot of resources, too.
At least you’re thinking about it though, so my post did what I wanted it to :-D
Thanks for coming back and sharing that. Drop me a line if you guys start any kind of planning or transition effort. I’m interested in hearing how other people do it.
August 13th, 2009 at 3:01 pm
@Matt:
Not a “transition,” but a “deployment.” We’re not transitioning from IPv4 (in that we’re not even considering turning off IPv4); we’re deploying IPv6 alongside IPv4.
@sysadmin1138:
I understand where you’re coming from. I felt the same way a few years ago before I started working with IPv6. Regarding your points: BIND 9.x supports DNS queries over IPv6 and the new AAAA DNS record types for IPv6.
Also, it’s possible to refer to IPv6 subnets by a shorthand. For example, my desktop is on “the 6800″ network (it’s prefix is 2610:8:6800::/48), we have servers on “the 7900 network,” etc. It’s also possible with careful planning to incorporate your VLAN id in your IPv6 subnet prefix. Several North American universities presented on their campus addressing plans at an Internet2 meeting last summer. You might find it interesting – http://events.internet2.edu/2008/jt-lincoln/sessionDetails.cfm?session=10000081&event=281. Slidedecks and video are available.
August 13th, 2009 at 11:31 pm
….
True, four digit numbers. THAT brings me back. To this old-tyme NetWare admin, that looks a lot like the network number in an IPX address. Which is to say, once I dust off certain old habits, I’ll be just fine. And so will several other folk on campus once I point that out.
Our BIND servers are the version that supports IPv6, we’re just not populating any AAAA records. It does pass those that do exist, even though we don’t have an (official) IPv6 route off campus.
August 14th, 2009 at 4:06 am
While totally agreeing with you that IPv6 is something that we must implement, and the sooner the better, on the application level it is not that easy.
Being a developer of a Telco application, I’m rolling in my mind the effort I have to pull in order to port my application to IPv6 and it is enormous. And we already pulled a few nice porting efforts, such as having the compiled in x86_64 instead of i386, or moving from ext3 to JFS. However, moving from IPv4 to IPv6 just seem like a lot of effort – only later to discover that we’ll have to tunnel our IPv6 outbound interfaces to IPv4 – mainly because the operator hosting the application wouldn’t have IPv6 ready.
The point you mention is crucial, for years I think IPv6 should be implemented world wide – I just don’t see how it is going to happen.
@Matt, do you happen to have good articles of co-existing IPv4 and IPv6? – That might be interesting, because I think this is the main gap for most businesses.
August 17th, 2009 at 8:18 am
IPv6 is a textbook definition of catch-22.
There isn’t a lot of content running on v6, because the take up is so slow. The take up is so slow, because there isn’t anything compelling enough for people to seek access (there’s only so many times you can watch the dancing kame :) ) or obtaining access in a non-sucky way is too painful or not available.
v6 is the way of the future, but as you rightly said, v4′s not going anywhere. To that end, I cannot see anyone running single-stack v6 any time soon, even in an emerging market — there’s just too much of the ‘net that will go dark. Dual stack is going to be around for a loooooong time to come.
As for my world, we’re taking the upgrade-services-by-attrition road; light up v6 on anything we can as we can, and if we can’t, make sure whatever kit is replaced can be v6′ed. We’re providing native v6 links for certain classes of clients, and tunnel access for other clients until the rest of the hardware pieces line up.
Fun times :)
August 17th, 2009 at 8:24 am
Greg,
That’s true about content. Fortunately, a few content providers are being forward-thinking about this. Both Google and Netflix have IPv6 offerings. At NANOG a few months ago, Netflix announced http://ipv6.netflix.com/. You can stream content over IPv6 as well.
The “upgrade-by-attrition” model is a cost-effective way to get IPv6.
December 1st, 2009 at 3:46 am
The point above about academia needing IPv6 more than others is just false. Major institutions have one or more class B ranges from the early days, and they still follow the model of public addresses for nearly every node. It’s an immense waste. They could help their bottom line during deep budget cuts by selling off some of this IP space, which admittedly might be difficult after letting IPv4 nets use IPs so inefficiently for so long on campuses.
But the cost in manpower, equipment costs, training, has no return on investment, especially when the IT resources could be used in so many better ways. Most universities simply need to complete their transitions to RFC1918 spaces, and install some simple proxies. It would campuses significantly more secure, and also choke a major launching point for worm attacks across the internet as a whole.
There’s plenty of work for network admins to do, without jumping into IPv6. Sure some vendors like mobile industries will jump in for niche markets, but no one else really needs to. If China wants to jump into IPv6 let them. The US needs to remain competive, and dumping IT dollars into IPv6 rollouts isn’t how to do that when NAT technology is so cheap, pervasive, and supported.
NAT works and is just better design for numerous reasons. If turning on dual stack mode makes you feel like you accomplished something, enjoy. When you send your kids to college, do know that about 5% of that check will be going for this big giant waste of money.
December 1st, 2009 at 5:26 am
@woods b – I agree that it’s not necessary for institutions to covert their internal infrastructure to dual-stack, but if they fail to at least put IPv6 on their external servers, then they’ll see performance issues to an increasing % of clients accessing their web pages, including broadband and mobile devices that have no choice but use IPv6 for their access.
December 1st, 2009 at 10:09 pm
A large university might have 196,000 IPv4 addresses currently allocated. They probably only need 200 to 500 public IPs. IPv4 will work for at least 12-15 years for their externally facing servers. The odds of IPv6 starting to cause real performance issues on the externally facing servers from upstream IPv6 infrastructure clients and mobile devices is extremely slight in the next 10-15 years.
The time and materials in equipment and man hours to configure and support vpns, load balancers, border routers, swouters, virtualization farms, firewalls that support IPv6 will eat up at least a third of a network group’s budget. When everyone’s budget has been slashed 30%, why on earth, wouldn’t you just use your perfectly viable IPv4 addresses until the players that have to have IPv6 like iphones or ISPs have worked out all the kinks, and made IPv6 a commodity service in devices and support in 10 or 12 years.
There’s just not an economic case for doing it when cpu horsepower is so cheap to offset the network dropped packets or teredo translation etc. Gartner reports really need to publish a reality check on this. The real need and niche for IPv6 is very very small.
I’m never mean to be contentious on the issue…it is just that, I’d rather see people keep their jobs working on the work that needs to be done, than people losing their jobs to pay for millions of dollars of expensive bleeding edge IPv6 equipment and reworkings in these tough years ahead of us. Our economy thrives with worker productivity…it is America’s edge…and the source of most GDP growth. IPv6 is just an academic exersise at this point with no real need, like the old B-1 bombers. Work smart.
December 1st, 2009 at 10:18 pm
@woods b – To the extent that the university doesn’t really need to worry about good quality audio/video/conferencing, and can live with degraded performance to those broadband users who only can access via a IPv6 to dynamic carrier grade NAT device, that’s perfectly acceptable answer. If the university actually streams any content and cares about its quality, it’s going to need to dual-home those public facing servers or face significant uncontrollable jitter through gateways beyond their control. So, I agree it’s an economic tradeoff that each institution needs to make on their own. Those that incorporate IPv6 in their normal refresh/upgrade planning and training will see the lowest costs involved in dual-stack enablement, and those that indefinitely defer will see the highest costs immediately after a dean or department head complains about the quality issues his remote classroom video and the behind-the-times University IT department that needs to catch up asap…
December 1st, 2009 at 10:23 pm
woods b,
I’m curious how you know so much about my organization that you can estimate how many public IPv4 addresses we “need.”
What research do you have to support your claim that configuring network equipment will require a third of a network group’s budget? (I’m especially curious, since at my organization, border routers, vpns, load-balancers, and firewalls are run by many different groups).
In many cases, IPv6 equipment is not bleeding edge. Many router, switch, and firewall vendors have supported IPv6 for several years. The situation is rapidly improving with load balancers.
December 2nd, 2009 at 2:43 am
It’s pretty easy to look at the budget sheet and see the amount of FTE going into deploying IPv6 on even a small scale pilot. A simple proxy device and private addressing would have solved the problem and provided better security in a university environment.
No IPv6 itself is not bleeding edge. Supporting it and deploying it inside an organization is not just bleeding edge in some cases, but in many cases is a complete move in the wrong direction. In university environments, public IPs were used early on, and the sensical direction is RFC 1918 addresses. The point is to undo the mistakes of the university environments, and move them towards internal and external IP spaces, using proxies or NATs.
I understand your points about video latency, behind one of the most intensive networking needs. But I’ve seen these video classroom implementations, and they are overarchitected to absurdity because someone wants to put a turbo charger on a Pinto. What I would tell the department head is that I can give you XYZ with your million dollar budget including better alumni donor applications and student facing applications, or I can give you IPv6 because it is the wave of the future…in ten years. And really, if streaming video is the main concern, like maybe .5% of your network bandwidth probably, why not use a cloud based service? And nothing says you can’t have part of your network support IPv6 where the main part of your network really doesn’t.
Sure, I agree with you, buy IPv6 capable systems when it the cost differential is nominal. But with maybe a 6-8 depreciation schedule on core networking equipment, you really could get by this round without it in our Great Depression II. If you buy it, fine. If you want to flip the switch to turn it on in dual stack mode, fine. If you want to work out supporting your uplink to your provider on IPv6, do it if you can flip the switch and little else. But as soon as you invest much FTE time in it, you’ve started wasted money…at least in the large university environments when you could have hit the main issue with a NAT and/or proxy and private addressing. It’s the labor cost that is going to kill these cash strapped organizations trying to build wireless, vpns, load balancers, firewalls, routers, switches, virtualization, group policies, and applications around IPv6. Maybe if you are Ivy league, you can afford it, but maybe your endowment has tanked 30% too.
Public IPv4 addresses you “need”? I can pretty much guarantee you don’t really need 65,000 of them in your college or university.
December 2nd, 2009 at 8:09 am
>A simple proxy device and private addressing would have solved the problem and provided better security in a university environment.
I believe that we’re in agreement that a simply proxy, with the university using private addresses internally is low effort to deploy and can be the right answer. When you do that, can you simply put public IPv4 and and IPv6 addresses on the Internet-facing side, so that users who only have IPv6 can reach your external services on a direct path? This is inexpensive while advancing the connectivity for both the university and the Internet at large.
February 3rd, 2011 at 9:43 am
[...] post is a response to the comments discussion in the Standalone Sysadmin blog post urging uptake of ipv6. In the comments, we see people concerned with the fact that ipv6 addressing gives a public, [...]