nanog mailing list archives

Re: IPv6 Security [Was: Re: misunderstanding scale]

From: Lamar Owen <lowen () pari edu>
Date: Tue, 25 Mar 2014 10:46:17 -0400

On 03/24/2014 09:39 PM, Paul Ferguson wrote:

I'll leave it as an exercise for the remainder of... everywhere to
figure out why there is resistance to v6 migration, and it isn't "just
because" people can't be bothered.

I'm sure there are numerous enterprises in the same shape I am in, withsignificant equipment investment in non-quite-ipv6-ready gear, andinsufficient technology refresh capex monies to get ipv6-readycapacity-equivalent replacements. Cisco 6500/7600 even with Sup720 hasissues, and I know of a number of networks still running Sup2 on6500/7600 or even older (including some gear in my own network, where Istill have old gear, older even than I'm willing to admit publicly,serving in core roles; I just decommissioned a failing Extreme Summit 1ithis past Saturday, and still have two more in core roles, doing Layer 3IPv4 in one case). I know I'm not alone.

While much of this gear may be fully depreciated, the cost of theforklift upgrade is major, and the gear is not the biggest part of thecost. Repairs are not anywhere near as draining on the capex budget ascomplete chassis upgrades are, and so we keep old gear running becauseit's what we can afford to do.

So capex is a big part of it; but then there's training costs and theopex of dealing with a new-to-us technology.

Just my very-late-to-the-party opinion, and not likely to changeanything at all, but in hindsight it seems we might have been better offwith ipv4.1 instead of ipv6, which, IMO, just simply bit off too much inone bite. Much like how the Fountainhead project at DG got eclipsed bythe much less ambitious Eagle, and never really went anywhere due to itspie-in-the-sky goals, when all the customers really wanted was a 32-bitEclipse, which Eagle provided. (Tracy Kidder, "The Soul of a NewMachine" which should be on every tech's must-read list). Yeah, I know,too late to matter, as ipv6 is here and here to stay. But thetransition could have been smoother and less traumatic to equipmentvendors' customers. At least that's my opinion and experience, yourmileage may vary.

Current thread:

IPv6 Security [Was: Re: misunderstanding scale], (continued)
- - - IPv6 Security [Was: Re: misunderstanding scale] Paul Ferguson (Mar 23)
    - Re: IPv6 Security [Was: Re: misunderstanding scale] Timothy Morizot (Mar 23)
    - Re: IPv6 Security [Was: Re: misunderstanding scale] Dobbins, Roland (Mar 23)
    - Re: IPv6 Security [Was: Re: misunderstanding scale] Mark Tinka (Mar 23)
    - Re: IPv6 Security [Was: Re: misunderstanding scale] Timothy Morizot (Mar 24)
    - Re: IPv6 Security [Was: Re: misunderstanding scale] Mark Tinka (Mar 24)
    - Re: IPv6 Security [Was: Re: misunderstanding scale] Owen DeLong (Mar 24)
    - Re: IPv6 Security [Was: Re: misunderstanding scale] Paul Ferguson (Mar 24)
    - RE: IPv6 Security [Was: Re: misunderstanding scale] Naslund, Steve (Mar 24)
    - Re: IPv6 Security [Was: Re: misunderstanding scale] Lee Howard (Mar 25)
    - Re: IPv6 Security [Was: Re: misunderstanding scale] Lamar Owen (Mar 25)
    - Re: IPv6 Security [Was: Re: misunderstanding scale] Luke S. Crawford (Mar 26)
    - Re: IPv6 Security [Was: Re: misunderstanding scale] Jack Bates (Mar 26)
    - Re: IPv6 Security [Was: Re: misunderstanding scale] Mohacsi Janos (Mar 26)
    - Re: IPv6 Security [Was: Re: misunderstanding scale] Matt Palmer (Mar 26)
    - Re: IPv6 Security [Was: Re: misunderstanding scale] Luke S. Crawford (Mar 26)
    - Re: IPv6 Security [Was: Re: misunderstanding scale] Timothy Morizot (Mar 26)
    - Re: IPv6 Security [Was: Re: misunderstanding scale] Chuck Anderson (Mar 26)
    - Re: IPv6 Security [Was: Re: misunderstanding scale] Owen DeLong (Mar 26)
    - Re: IPv6 Security sthaug (Mar 27)
    - Re: IPv6 Security Henri Wahl (Mar 27)

(Thread continues...)