[afnog] What are the major challenges in enabling Services to run on IPv6?

Malick.Sy at swisscom.com Malick.Sy at swisscom.com
Tue Oct 28 14:18:37 UTC 2014 

Thanks Phil. 

I get your point, I am still quite attached to v4 and I have not yet had a
customer really push for v6 (neither in this or my previous roles). Most
of our customers (not all but the vast majority) are happy with good old
IPSEC VPNs,BGP, MPLS VPNs, NAT/PAT, standard firewalling, proxies and ³the
devil they know², sure if their IT group are forward thinking and have the
budget and CPU cycles, they may have a few public routable v6 address
space enabled devices. Sure, the v6 evangelists will tell you that there
is built in IPSEC security in v6, etc, etc. The issue is not the strength
of the protocol but the knowledge level of the tech configuring it (IMHO.)
The vast majority of the mail servers, database servers, DNS servers, web
servers, routers, repository servers,file and print servers, firewalls,
switches in the world are currently configured and optimised to run with
v4. I don¹t see that changing in a rush and there will be
³convertor-style² solutions around for a long long time.

Which takes me back to the issue of priority. Of course, you are right, if
deploying a new greenfield location, throw fibre at it, 10G access ports,
multi-homed servers with LACP enabled back to stacked virtual switches
(IRF or Stackwise, insert your favorite switch vendor here), back to back
firewalls, while you¹re at it, throw in IPV6 to every device (if deploying
an Internet of Things site, v6 is your friend, right?); as long as your
budget allows it and you are actually addressing the perceived user need
that you are contracted to address.

I am all for deploying solid, cutting-edge, future-proof solutions and
optimising them, however, some questions I have heard a few times over the
years, from customers and management has been: ³What is the pressing need
for solution x and why is it higher priority than say fixing problem u?
How does it affect our bottom line?"

Thanks again for your comments.
..........................................
Best Regards,
Malick Sy
Sr. Network Engineer

Swisscom (Switzerland) Ltd.
Hospitality Services
2, chemin du Pavillon
Case Postale 2200
CH-1211 Genève 2 


Desk Phone:+41 227 407 585
Cellular Phone:+ 41 794 426 765
Fax Number: +41 227 740 7542
Internet: www.swisscom.com/hospitality
............................................
This message contains confidential or privileged information and is
intended solely for the use of the individual(s) to whom it is addressed.
If you are not the intended recipient, you are hereby notified that you
must not use, copy, disclose, forward or take any action based on this
message or information herein. If you have received this message by error,
please advise the sender immediately and delete this message.





On 28/10/2014 14:58, "Phil Regnauld" <regnauld at nsrc.org> wrote:

>Malick.Sy at swisscom.com (Malick.Sy) writes:
>> 
>> 1)Why is V6 migration a priority in Africa?
>
>	It's not, deployment is. The mistake is in not taking the opportunity
>	to deploy IPv6 while you're deploying/upgrading v4.
>
>	v4 is not correctly deployed in many places in Africa - and the
>	rest of the world. Africa is in the unique situation that there
>	is lots of v4 space available. This is a great opportunity for
>	designing clean architectures that minimize the use of NAT and
>	other hacks. Obviously there won't be enough v4 in the long run
>	to avoid these completely, but it would be daft not to get v6
>	running at the same time.
>
>> 2) Is the current urgency of V6 deployments in Africa a real priority or
>> has it been given ³false² priority over possibly more enabling
>> technologies and solutions (this is where I mentioned the current
>> healthcare case that is troubling the region and the globe).
>
>	Not deploying v6 now even though it's happening elsewhere certainly
>	won't stop the earth from spinning - but again, why not just do it ?
>
>> By more
>> enabling technologies I mean greater wifi expansion, 3G/4G expansion,
>>more
>> fibre deployments (GPON, EPON, good old single mode to bridge relatively
>> small distances), power grid infrastructure support projects,
>>educational
>> institute connectivity projects.
>
>	We do what's in our reach. Those that don't have the ability or skills to
>	dig fiber or deploy 4G equipment, can still enable v6 on their network,
>	and encourage their customers and upstreams to do the same.
>
>	Anyway, it's not an either-or proposition: blindly pushing v6 and, say
>	DNSSEC, at the expense of other much needed improvements would certainly
>	be a mistake - but I know for a fact that African engineers can do all
>	of the above, as priorities and budgets allow.
>
>	Cheers,
>	Phil
>

More information about the afnog mailing list