IP protocols/software

Inertia: The Silent IPv6 Killer

As most of you know, IPv6 is the newest internet protocol for systems to run on, creating the opportunity, perhaps necessity, for change depending on a business’ desires or needs. We have a number of situations however, where the motivation for the change required to deploy IPv6 fails both of the above tests.

Because IPv6 does not immediately bring new revenue opportunities, and it is not clear that there is an immediate benefit to the income side of the balance statement, the higher management people who make such deployment decisions generally do not view IPv6 as a positive investment or an effective use of resources. Because learning a new protocol when the current protocol appears to be working does not seem to carry any immediate benefits, neither for an organization nor a self-interest. Systems administrators, network administrators, and other IT professionals often believe that IPv6 will wait, and if they're lucky enough will do keep until they retire.

The business case for IPv6
For the management level, there are a number of ways to make the business case for immediately deploying IPv6.

APNIC (the Asia-Pacific Network Information Centre) and RIPE (the Réseaux IP Européeans) have run out of IPv4 addresses in their general free pools, and ARIN (the American Registry for Internet Numbers), the registry for North America and much of the Caribbean, is down to just over 29 million IP addresses remaining in its free pool.

On the management level, these numbers prove the business case for an urgent deployment of IPv6. While 29 million might still seem like substantial number of IP addresses, consider that until they ran out, the Asia Pacific region was consuming new IP addresses at the rate of roughly 16 million per month.

The question is what happens if you wait until it’s obviously urgent to deploy IPv6. Answers will vary depending on your organization, but some factors to consider include:

  • It will take significant time to deploy IPv6 once you start. It could be as long as a two-year project in some organizations.

  • Having your support personnel learn IPv6 while trying to support it in the field is likely far less effective and far more disruptive to your operations than if they learn it before its widespread use.

    Having IPv6 ready and running before you see urgent demand means that the urgent demand is a non-event. You saw it coming and were completely prepared. Failing to deploy IPv6 early means a chaotic rush to get a two-year project done in less than two weeks. In my experience, most enterprises that attempt this method have not experienced great success.

  • Starting early means that you can make purchasing decisions on your terms and set the timeline to optimize for preferred pricing, timing to coincide with regular technology refresh cycles.

  • If your competitors have IPv6 deployed and you don't before your customers want it, that extra incentive may drive your customers to your competitors. Getting there first might not bring in new revenue, but there's usually significant value in ensuring that existing customers stay. IPv6 can help with that.

The security case for IPv6
Many people who have never seen an enterprise network without NAT, are probably thinking that this prospect sounds rather scary. You have spent most of your career knowing that NAT is part of the firewall and that NAT is what protects you from the big bad outside world. Honestly, that is actually a myth. The problem comes from the fact that we tend to be lazy with our language and NAT has come to be the general term throughout IT for what is actually better described as Stateful Packet Inspection with Address Translation.

Notice that in that term, there are actually two components. The first one, Stateful Packet Inspection actually provides your security. SPI is the process of examining each outbound packet to see if it creates a new flow or conversation. If it does, an entry is added to a state table with enough information to identify incoming packets that match that particular flow. If it doesn't, then the existing flow entry is used. In the case of NAT, that flow entry is also given a public IP address and port number to use as a replacement for the internal (the source for outbound packets) address and port number. Any outbound packets that match a flow entry have their headers altered accordingly. This alteration of the headers is what we mean by address translation. That part does not do anything for security, and actually diminishes security.

IPv6 is a lot easier to administer than IPv4. Though for a while, during the transition, we're going to have to maintain them both, and the longer we have to maintain IPv4, the more painful and expensive doing so will become. The quicker we dispel our inertia, the quicker we achieve deploying IPv6 as widely and as efficiently as possible.

-- Owen DeLong, IPv6 Evangelist, Hurricane Electric (In addition to his day job, Owen maintains a significant IP network in his house running both IPv4 and IPv6 on multiple subnets, all without the use of NAT.)

owendelong 10/27/2013 | 2:12:44 AM
Re: It's moving but true it's slow LoL... Yes, it was quite the blizzard.


Spring time in Denver. LoL

MarkC73 10/26/2013 | 11:37:36 PM
Re: It's moving but true it's slow Owendelong, thanks for the link that was an interesting preso.  Lots of guessing but the transparency made it very interesting and understandable.  Refreshing to listen to some engineering humor as well, maybe I've been going to too many meetings with marketing.  2024 is also fine by me.  Good point about the consumer electronics, hopefully as IPv6 gains traction then more will start supporting it, or perhaps the Home routing devices will need to do some 4to6 static translation. 

Last thing I couldn't help notice was that the it seemed the snow was blowing sideways in the background.  Sheesh that's cold!
owendelong 10/23/2013 | 10:59:45 PM
Re: It's moving but true it's slow Right now, I think it's way to early to be asking "when will we turn off IPv4."

The important question right now is how soon can we make IPv6 ubiquitous and what can we do to facilitate and/or accelerate that process?

While the eventual goal is to be able to turn off IPv4 and that's when we start seeing real cost savings, the simple reality is that will happen almost for free once we achieve critical mass on IPv6.

I do like Lee Howard's recent Facebook question "In what year do you think that 10% or more of end users will have IPv6 only or degraded IPv4?"

Unfortunately, Lee did not provide any years before 2014 in the available answers.

IMHO, there are actually two different questions. The first question, IPv6 penetration, I think will reach 10%+ of end users in 2014. The second question, degraded IPv4 is, in reality somewhere in the vicinity of 1997, possibly earlier... When did we reach 10% penetration of NAT into the end user market? IPv4 has been degraded ever since.
gogoBruce 10/23/2013 | 6:55:23 PM
Re: It's moving but true it's slow It simply comes down to cost.  Organizations will turn off IPv4 when it costs more to run their networks with IPv4 than without IPv4.  Available content is one of the factors of this cost model.  And there are many ways to extend the life of IPv4 but their costs increase exponentially with time.  

Jack, I'm totally behind your April 4. 2024 cutoff date and can help raise its visibility.

As a big data point, we did a poll on this exact question - when networking folks thought they would turn off IPv4 and by 2024 80% said they would (based on 1,479 responses.)  

IPv6 Only Internet

For more details see: http://www.gogo6.com/profiles/blogs/when-do-we-turn-off-the-lights-on-ipv4

owendelong 10/21/2013 | 12:37:58 PM
Re: It's moving but true it's slow Mark,


Yes, IPv6 is making progress. Much more so with content providers than almost any other group. The second best progress is occurring among residential and other end-user ISPs. Comcast, Verizon Wireless, Deutsche Telekom (T-Mobile) and Time Warner have all been making significant progress enabling IPv6 for their subscribers. (I'm sure there are others as well).

The real problem is actually consumer electronics. All those smart televisions, blueray players, HTS Receiver/Amplifiers, etc. are still being sold without a single one that supports IPv6 available to consumers.

I think that 2024 is a fine date for a hard deadline, but I believe that IPv4 will die natural death as the lingua franca of the internet well before then... More like 2018-2020. I base this on numbers from Lee Howard showing that the cost of continuing to provide IPv4 services to residential end users basically requires one to double the price for residential internet access while providing an even lower level of service than is already common place. I don't believe that consumers will accept that.

In tems of content providers, we really only need a few more to seal the deal. If Amazon and just about any 2 other members of the Alexa 100 would add IPv6 capability, that would cover something like 80% of all web traffic, if I recall correctly from Lee Howard's numbers.

Lee's excellent presentation on this matter was delivered at the Denver INET which was held in conjunction with the 2013 North American IPv6 Summit.

Video here:



jhodgesk1s 10/21/2013 | 8:41:46 AM
Re: IPv4 - Proposed Shutdown Date blackjack360, agreed, I can understand why with a transition of this magnitude defining a sunset date is difficult, but as you said the industry needs a hard deadline to take action.
MarkC73 10/21/2013 | 5:36:16 AM
It's moving but true it's slow True, anything with a negative business case isn't going to be tops on the capital budget.  But IPv6 is making some progress.  We've been gaining on the amount of desktops that support it by default and the deprecation of the OSs that don't supported at all are pretty much just around the corner, if not already here.

Where we need to see movement, in my opinion, is the web content providers, as if more content can be reachable via IPv6 it would make it much more appealing for consumers to try out the newer technology and make that oh not so far off, one day switch.  The June 6th world launch was a great idea, as content providers agreed to share the risk together in order to promote the shift.  Over a year later, there's more than double the IPv6 internet traffic, but that's still less than 2% of the total internet traffic.

Also personally, I don't see the service providers getting away with not doing dual stack somewhere in their network, and for a significant time.  Thus, the point I make that the content will drive the 'Inertia' per se.

What did jump out at me was the 'two year' project time line, which I also been quoting the higher ups for the over development and migration.  I guess great minds think alike ... ok ... ok, I'm giving myself too much credit.

In any case, I would love to see more IPv6 content available, how about more IPv6 World launch days?
blackjack360 10/20/2013 | 11:06:29 AM
Re: IPv4 - Proposed Shutdown Date Yes, a couple of times but not enough, at ISOC meetings, v6 world congress, and a few other times (IEEE, ICANN).  There's a good effort with Sunsetting IPv4 at IETF but human nature dictates we need hard deadlines in order to do something. 4/4/2024 is the date. It's a Thursday. Perfect! :-)

Responses I get are "are you crazy, we're stuck with V4 forever", "we can't do that", lame excuses.  Perhaps true for internal networks, those can run v4 forever, even tunnel v4 over v6, but the core internet should only be v6 by that date. Delete all IPv4 routes and there you go. 

I'm planting the seed.  Perhaps I should write an IETF draft.


DOShea 10/20/2013 | 10:44:47 AM
Re: IPv4 - Proposed Shutdown Date Jack, I'm wondering if you have proposed this particular date once before, about one year ago if my Google search is correct? Have any industry groups picked up on the idea since then? Anyway, I think it's a good idea to have a long-range (very long-range) overall IPv4 shutdown date.
blackjack360 10/18/2013 | 10:50:01 AM
IPv4 - Proposed Shutdown Date On April 4 2024, it should be the day we remove all IPv4 routes and run only IPv6 on the Internet!!!!!

3821 days should be enough to get IPv6 running.

10 years, 5 months, 17 days...

Sign In