[menog] Rapid IPv6 deployment for World IPv6 Day

Ahmed Abu-Abed ahmed at tamkien.com
Thu Jun 9 12:30:34 GMT 2011

My comments below.


From: Brian Candler 
Sent: Thursday, June 09, 2011 12:54 PM
To: Ahmed Abu-Abed 
Cc: 'menog at menog. net' 
Subject: Re: [menog] Rapid IPv6 deployment for World IPv6 Day

On Thu, Jun 09, 2011 at 10:51:26AM +0300, Ahmed Abu-Abed wrote:
>    >> Until the whole internet AND web content AND networks AND
>    applications move to IPv6 ONLY then there will be a need for tunneling.
>    Dual-stacking is needed but it doesn't solve the IPv4 depletion issue,

But client-side tunnelling relies on having an IPv4 address too, so it
doesn't solve depletion.

>> Yes it does, but "carrier grade" tunnels present a more stable approach than multi-level NATs. And BTW, future networks will likely be IPv6-only except for the dual-stack hosts that tunnel IPv4-in-IPv6 , a reverse of today's tunnels. Refer to the DS-Lite standard among others, and this approach is part of the 3GPP/LTE standards for mobile networks migration to IPv6.

Estimates I've seen so far from IPv6 day suggest that although traffic was
up, V6 accounted for between 0.02% and 0.3% of total traffic.  Of that, 90%
was tunnelled (i.e. only 10% native).  So basically: (1) there is no
signficiant IPv6 Internet today, and (2) if you want to join what there is,
you do indeed probably have to tunnel.

>> Tunnels solve the chicken and egg problem, it allows IPv6 content to be accessible until IPv6 gains a wider installed base which may take years. During the same time the burden of running IPv4 with no public addresses will grow. Both RIPE NCC and ARIN have publicly endorsed tunneling to speed up IPv6 deployment.

That doesn't mean that installing a tunnel client is a good idea for anyone
except network specialists who know what they're doing.

>> Protocols that automate the setup of carrier grade tunnels, such as TSP, make installing tunnels a plug and play affair. Refer to my original email and try it to see for yourself. For zero user intervention needs, there are CPE IPv6 Adapters that plug in an ethernet port on an IPv4 home router and automatically setup IPv6-in-IPv4 tunnels (see the ARIN Wiki on IPv6 CPEs). All these are carrier grade solutions and have been deployed by tier-1 carriers.

If random end-users start installing this stuff without understanding it,
then (a) they are probably opening up security holes into their network, and
(b) they may impede a later smooth rollout of native v6.

>> Whether users dual-stack or tunnel to IPv6 the security requirements are mostly the same. Waiting for end-to-end dual-stack to be deployed all the way to the home CPE to complete is a multi year project. And I don't see IPv6-in-IPv4 tunnels impeding rollout of native IPv6 if the tunnels clients AND servers are fully under control of the ISP and part of their network. The rule here is for ISPs to avoid using Teredo, 6to4 and ISATAP tunnels which, unfortunately, are everywhere.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: /pipermail/attachments/20110609/1bc9cea4/attachment-0001.html

More information about the Menog mailing list