IETF Logo Mail Archive

Re: [v6ops] Why enterprises aren't adopting IPv6 (Re: Implementation Status of PREF64)

Owen DeLong <owen@delong.com> Thu, 30 September 2021 17:26 UTC

Return-Path: <owen@delong.com>
X-Original-To: v6ops@ietfa.amsl.com
Delivered-To: v6ops@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 8E7BC3A0DF3 for <v6ops@ietfa.amsl.com>; Thu, 30 Sep 2021 10:26:25 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.099
X-Spam-Level:
X-Spam-Status: No, score=-2.099 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=unavailable autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=delong.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Ah_R0TbadMWL for <v6ops@ietfa.amsl.com>; Thu, 30 Sep 2021 10:26:21 -0700 (PDT)
Received: from owen.delong.com (owen.delong.com [IPv6:2620:0:930::200:2]) by ietfa.amsl.com (Postfix) with ESMTP id 736403A0DF4 for <v6ops@ietf.org>; Thu, 30 Sep 2021 10:26:21 -0700 (PDT)
Received: from smtpclient.apple ([IPv6:2620:0:930:0:d12c:2b24:7049:d8a]) (authenticated bits=0) by owen.delong.com (8.16.1/8.15.2) with ESMTPSA id 18UHQ9WB3527181 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Thu, 30 Sep 2021 10:26:09 -0700
DKIM-Filter: OpenDKIM Filter v2.11.0 owen.delong.com 18UHQ9WB3527181
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=delong.com; s=mail; t=1633022769; bh=/AdfS3t9CUdwL/rO/g89h/6UsabBQBke6bIRsmXa3sc=; h=Subject:From:In-Reply-To:Date:Cc:References:To:From; b=xcyTu0zD9ETZZ9uLEevpBzIFsrqnSerorzh8yQZO2nWhPVKBeonGuyetVRe8LxpIF aXUbWn8UbaNjH9rweoYDdWj0vclMgf0ET0WKwmF2Vn/Cty0f9bsz8X/MORTAg+ib7u zLWs5Zrohy3URA6msJjw7SnruzVsvltaRLshshR8=
Content-Type: text/plain; charset="utf-8"
Mime-Version: 1.0 (Mac OS X Mail 14.0 \(3654.120.0.1.13\))
From: Owen DeLong <owen@delong.com>
In-Reply-To: <7E8C5F52-596F-4CAB-89EB-B0D5BAF5F612@employees.org>
Date: Thu, 30 Sep 2021 10:26:09 -0700
Cc: Owen DeLong <owen=40delong.com@dmarc.ietf.org>, Lorenzo Colitti <lorenzo=40google.com@dmarc.ietf.org>, V6 Ops List <v6ops@ietf.org>, Jen Linkova <furry@google.com>
Content-Transfer-Encoding: quoted-printable
Message-Id: <F8A2146F-E2B8-4B13-8B65-AAD61FB126C3@delong.com>
References: <CAN-Dau2in52xSUkqKEXu=2AAiR4O_jLhna7hY-hshYDORfGtcQ@mail.gmail.com> <CAMGpriWFp4JPtqDK5tEj1RkS-SzEfvscfUUnxgK+o6qP2pusRA@mail.gmail.com> <6E95834D-12B3-447B-8326-8EDE9DC6FFB1@delong.com> <CAO42Z2zA-4cK489nxKsWUN8vvU0eAiz-jS0e-_eWPg+OmP8wLw@mail.gmail.com> <DDA36020-90CC-471B-83AD-3D98950F1164@delong.com> <CAO42Z2wdoSdJDOB2Zo0=ZK0ecOARRsdg2nbHZGSDOhryPbLfDw@mail.gmail.com> <F2BD0A42-E9AD-45DD-999A-638E73BE1177@delong.com> <CAKD1Yr2K3Gd3JD=NJFOoH6GYgs-8ACxRQB9-sKJ7cbF4_hxsow@mail.gmail.com> <0B533C71-5DB0-410D-A5A3-7E8FD559F214@delong.com> <CAKD1Yr3NoYfNT7+OVJoCCdgdif6AHHw29tNCPttS=-NuRZKv3w@mail.gmail.com> <DM6PR02MB692426B0EEDDC2C4D78D8EC0C3A89@DM6PR02MB6924.namprd02.prod.outlook.com> <CAKD1Yr25dtinLBeJpAuJ17NfLg7-ewM9QPvnXNuEJ8wiBQV9ig@mail.gmail.com> <CAO42Z2zqf=F6OTDK2e8cMYXdPgMZ=SgFJcn7BTKYGgcYsLT2iw@mail.gmail.com> <894BCFE9-0811-4AE6-9941-6183292E4431@delong.com> <7E8C5F52-596F-4CAB-89EB-B0D5BAF5F612@employees.org>
To: otroan@employees.org
X-Mailer: Apple Mail (2.3654.120.0.1.13)
X-Greylist: Sender succeeded SMTP AUTH, not delayed by milter-greylist-4.6.4 (owen.delong.com [IPv6:2620:0:930:0:0:0:200:2]); Thu, 30 Sep 2021 10:26:09 -0700 (PDT)
Archived-At: <https://mailarchive.ietf.org/arch/msg/v6ops/v4v6h64383talPCzffRuc_5zSzE>
Subject: Re: [v6ops] Why enterprises aren't adopting IPv6 (Re: Implementation Status of PREF64)
X-BeenThere: v6ops@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: v6ops discussion list <v6ops.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/v6ops>, <mailto:v6ops-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/v6ops/>
List-Post: <mailto:v6ops@ietf.org>
List-Help: <mailto:v6ops-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/v6ops>, <mailto:v6ops-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 30 Sep 2021 17:26:26 -0000


> On Sep 30, 2021, at 10:04 , otroan@employees.org wrote:
> 
> Owen,
> 
>>> What is the main problem IPv6 was designed to solve?
>>> 
>>> Lack of IPv4 addresses.
>> 
>> Correct.
>> 
>>> What problem don't many enterprises have since they're using RFC1918s, and could misuse 100.64/10 if they really need to get more.
>>> 
>>> Most enterprises don't have the main problem that IPv6 is designed to solve.
>> 
>> Not entirely true… More accurately, many enterprises are able to pretend they don’t have this problem today because of the above.
>> 
>> However, eyeball providers DO have this problem and its getting worse. Further, eyeball providers are on some of the thinnest margins
>> and consumer IP access is at the low end of the market, so paying for more and more IPv4 addresses and more and more expensive
>> (and more complex) IPv4 solutions and higher support costs for those IPv4 solutions becomes a non-starter at some point.
>> 
>> Either consumer access in general will become significantly more expensive, or eyeball providers will start having to find a way to
>> surcharge IPv4 services (whether that’s in the form of an IPv4 surcharge or an overall price increase with an IPv6-only discount
>> or whatever).
> 
> typically they only use a 1/65535th of an IPv4 address ((one TCP port) although they share it at L7).
> it would certainly be possible to improve on that.
> 
>> I already know enterprises that are experiencing pain because their outsourced contractors in certain parts of the world are basically
>> IPv6-only already and the fact that their contractors can’t interact with the corporate network via IPv6 is causing issues.
> 
> would you have more details on that.
> last time I tried going IPv6 only, that was completely unworkable.
> (while doing IPv4 only is perfectly fine.)

It’s not the inability to do IPv4, the sites in question aren’t IPv4-only, but it turns out that many VPN solutions fail utterly through CGN.

In many countries, it’s virtually impossible to do IPv4 without CGN, but you can readily get IPv6 direct and thus their VPNs to IPv6-
capable customers work while they struggle with IPv4-only customers.

Since my clients are often the IPv4-only customers in question, I see this a lot and the most workable solution is to literally deploy
at least enough IPv6 on the customer side to support the IPv6 VPN termination, even if you end up sending silly IPv4 across the
established tunnel. Usually, I’m able to convince most of my clients that it’s a good opportunity to just dual-stack the systems that
the remote contractors need to access and once IPv6 has that foot in the door and they begin to see that IPv6 isn’t so painful after
all, more complete IPv6 deployment often follows soon after.

>>> For IPv6 to be adopted by many enterprises, there will need to be other reasons that are of business value.
>> 
>> Employee/contractor connectivity is of vale to most enterprises. There’s a time coming when that’s going to require IPv6 support.
> 
> that's what we have been saying for 25 years.
> perhaps time to accept reality. ;-)

I can’t say how fast it’s coming. Certainly it’s a lot slower both than I had hoped and than I had expected, nonetheless, I am seeing
it in the wild now and if you look at the IPv6 statistics for India, I think you’ll see a clear indication of why.

Owen

v2.23.0 | Report a Bug | By Email