IPv6: It Takes a Village
In a previous post (http://www.itdojo.com/blog/?p=6) I discussed the inevitability of an IPv6 migration for all of us. It is going to happen and you are going to do it. The question, of course, is when. Before the when occurs I think we all need to come to grips with the “why” of the migration. I’m a big fan of IPv6. Of this there is no doubt. I have been itching for the migration to gain momentum for several years. It recently occurred to me that I want the migration for reasons that really don’t matter to most. I love technology (“…but not as much as you, you see. But I still love technology. …Always and forever …always and forever…”). I love it because it’s cool. Something like a protocol migration is right up my alley. I do have to admit that neither love nor coolness is a valid reason for a migration. That fact has always left me a little lost for words when people ask me why they should migrate. No matter how loudly and emphatically I shout I’m still not winning over the masses.
So what are the real reasons to migrate? Are there any valid points I can make to convince an organization to get moving on this? Well, yes. Sort of. I can make a few points but I fear the average company is not going to be swayed by them. When I think about the reasons why a company should move to IPv6 I can’t help but draw some comparisons to the current “green” movement going on in America (and the rest of the world). I am not a terribly green person. Don’t get me wrong, though. I don’t throw trash out the window while I’m driving and I don’t find any sport in standing on my front porch emptying CFC-containing cans into the air. I also don’t make day-to-day decisions that put me in the “green” category. The reason is simple: I’m just not buying the hype. Right or wrong I don’t believe that my choices make that much of a difference. I do not drive a hybrid and I don’t plant a tree to offset my carbon signature every time I drive up north. I don’t deny gale force winds from my AC unit and I would rather burn the leaves I rake than bag them up. My decisions and my lifestyle work for me. Today, in the here and now, they work. I may be a dummy and I may be so incredibly wrong that I’ll come to regret it later and if you’re one of those greenies getting ready to blaze me up with an email telling me all the reasons why I should care, don’t bother. Despite your presentation of facts (yes, I saw An Inconvenient Truth, http://en.wikipedia.org/wiki/An_Inconvenient_Truth) and despite the passion with which you write, I won’t be swayed. I’m just not ready to believe the hype (yes, I can actually hear Chuck D singing in my head right now: http://www.youtube.com/watch?v=yVMbnF9-l5w). I can’t (or won’t) see far enough beyond my own day-to-day needs to make a change that I see as nothing more than an expensive way to give up convenience, quality and performance in order to be politically correct. There. I said it. So how does my lack of greenness relate to IPv6?
Simple: I’m Corporate America. The same way I feel about being green is how Corporate America feels about moving to IPv6. In effect, it’s a lack of perspective on a larger scale. Moving to IPv6 may have more benefits for the world Internet community than it does for the individual company. That fact may be a part of the reason we are moving so slowly toward IPv6. Getting companies to believe means that they are going to have to accept that some of the reasons aren’t selfish, that they are ultimately for the greater good.
So what were those migration reasons? Who do they really benefit? The world or the organization? Well, here they are (note: props to Joseph Davies for bulleting these points in his book, Understanding IPv6):
- IPv6 eliminates the current address depletion issue. We are running out of IPv4 addresses at a rapid rate. I firmly believe that IPv6 will eliminate any space issues well beyond my lifetime. My wildest contemplations cannot conjure up a way we can exhaust this address space.
Benefit: Global. In today’s IPv4 networks we don’t have any real address space pressure. The RFC 1918 Private Address Space is bigger than even the largest company (several times over). Nobody is really running out of IPv4 addresses in their internal enterprise.
- IPv6 solves the disjoint address space problem. All of our networks have an inside and an outside. The inside usually uses private IP addresses. The outside uses public IP addresses. We use NAT to translate traffic as it moves between the two. With IPv6, public IP addresses will be assigned to every device in the enterprise (that’s the plan, at least. You do have some control over that).
Benefit: Organization. The fact that the organization is benefitting isn’t immediately evident to the organization. The very idea of having every node in your enterprise “on the Internet” (which it is if it has a public IP address) causes security folks to go into vapor lock. Let me be clear on this point: Get over it! Public IP addresses and NAT don’t protect your internal network. Firewalls do. NAT devices make decisions about whether or not a packet will be translated and do so when appropriate. The “making decisions” part is firewalling. Remove the need for NAT and leave the firewalling in place. That’s how we roll with IPv6. Done.
- IPv6 solves the internal address allocation problem. Because address space is so plentiful in IPv6 you will (should) no longer have to pay a premium for having more public IP addresses. There is no longer a gap between the number of public addresses and the number of nodes in your network.
Benefit: Organization. See the previous point.
- IPv6 restores end-to-end communications. Ahhh, NAT. NAT sucks. It is a cancerous lesion on today’s networks. Most of us don’t quite realize that though. We’ve been using it for so long that we’ve come to believe that it’s supposed to be here. Well, it’s not. It was an afterthought and it wasn’t designed to allow much more than TCP, UDP and ICMP to pass through it. All the other protocols suffer. We typically find ourselves smuggling everything else through a NAT by packaging it up inside UDP (or TCP). It’s overhead on top of latency and it’s a silly way of doing things. Having said that there are two things I must say about NAT. It’s clever and it works. Because we can wrap most anything with a UDP header and because it does actually work it makes many of us unwilling to recognize that there is a problem.
Benefit: Organization, but only if you are an organization that needs to use non-standard protocols. By non-standard I mean anything other than TCP, UDP and ICMP, of course.
- IPv6 uses scoped addresses and address selection. Link-local, Unique-Local and Global Unicast addresses allow traffic to be sent to other nodes on a somewhat limited basis. Traffic sent to a link-local address will never leave the local network segment. Traffic sent to a unique-local address will never leave your enterprise (in theory). Traffic sent to (or from) a global unicast address can go anywhere in the galaxy as long as there is a route to get it there.
Benefit: Organization. Scoped addresses provide a basic level of security. If you want to make sure a packet will never go but so far, use a link-local or a unique-local address. Even hiccups in your firewall rules won’t cause you any pain because the traffic simply isn’t designed to go past a certain point. And each node in your enterprise can (and likely will) have one of each of these address types.
- IPv6 has more efficient packet forwarding. IPv6 headers are of a fixed size (40 bytes). An unchanging packet size brings with it the promise of hardware optimized to deal with them. This means that the actual packet switching process will become faster. In addition to this the IPv6 address space is being carefully distributed at a global level and routing tables should be significantly smaller than they are today. This promises faster routing decisions for packets moving through the Internet.
Benefit: Global. Yes, individuals benefit but this one is really a bigger benefit to the masses. It is somewhat similar to fixing a bad traffic pattern that causes a lot of congestion. It sucks when you’re caught in it but a lot more people are being affected than you.
- IPv6 has support for security and mobility. IPSec support is mandatory and mobility support is optional. They are built-in. They are not add-ons like they are today. Mobility has been tweaked a bit but IPSec is largely the same animal we know today. Because protocol functionality previously provided by ARP and IGMP has been absorbed into IPv6 (both of those functions are now handled by ICMP packaged up in a multicast packet) they can now be secured with IPSec. Even things like DHCP can be secured with IPSec if you want them to.
Benefit: Organization. The lack of NAT and the integration of IPSec into IPv6 will make VPNs much easier to deploy. The lack of protocol “add-ons” like ARP and IGMP makes securing everyday management traffic a lot easier, too.
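Two points from the list above, stateful firewalling without NAT and the reach of scoped addresses, can be shown together in a short model. This is an added example, not code from the original post; the `BorderFilter` class, the ports and the sample addresses (taken from the 2001:db8::/32 documentation range) are assumptions made for illustration.

```python
import ipaddress

LINK_LOCAL = ipaddress.ip_network("fe80::/10")
UNIQUE_LOCAL = ipaddress.ip_network("fc00::/7")
GLOBAL_UNICAST = ipaddress.ip_network("2000::/3")

def scope(addr):
    """Classify an IPv6 address by the scopes named in the post."""
    a = ipaddress.ip_address(addr)
    for name, net in (("link-local", LINK_LOCAL), ("unique-local", UNIQUE_LOCAL),
                      ("global", GLOBAL_UNICAST)):
        if a in net:
            return name
    return "other"

class BorderFilter:
    """Hypothetical stateful edge filter: tracks flows, never rewrites addresses."""

    def __init__(self, inside_prefix):
        self.inside = ipaddress.ip_network(inside_prefix)
        self.flows = set()  # (inside addr, inside port, outside addr, outside port)

    def outbound(self, src, sport, dst, dport):
        s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
        # Scoped (link-local / unique-local) traffic must not cross the border,
        # and the source must belong to our own prefix (anti-spoofing).
        if scope(src) != "global" or scope(dst) != "global" or s not in self.inside:
            return "drop"
        self.flows.add((s, sport, d, dport))
        return "forward"

    def inbound(self, src, sport, dst, dport):
        s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
        if scope(src) != "global" or scope(dst) != "global":
            return "drop"
        # Same decision a NAT makes, minus the translation: is this a reply
        # to a flow an inside host opened?
        return "forward" if (d, dport, s, sport) in self.flows else "drop"

def demo():
    # Constructed addresses from the 2001:db8::/32 documentation range.
    fw = BorderFilter("2001:db8:a::/48")
    host, server = "2001:db8:a::10", "2001:db8:ffff::80"
    return [
        fw.outbound(host, 50000, server, 443),                 # inside host opens flow
        fw.inbound(server, 443, host, 50000),                  # reply to that flow
        fw.inbound(server, 443, host, 22),                     # unsolicited inbound
        fw.outbound("fd12:3456:789a::1", 50000, server, 443),  # ULA source leaking out
    ]

if __name__ == "__main__":
    print(demo())
```

The unsolicited inbound packet is dropped even though the inside host holds a globally routable address, and the unique-local source is stopped at the border only because the filter checks for it.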
Even though the bullets above seem to point to the individual organization reaping the biggest benefit for an IPv6 migration we have to acknowledge that the network implementations we have today are working. No, they are not optimal but they do work. And that means that the only real way for organizations to get serious is to come to terms with two points:
- Networks today are not optimal and IPv6 will make them better. Even though they are functional they are not performing as well as they could be. IPv6 networks will produce an environment that will increase performance. Most of that performance increase will come to the Internet as a whole and not so much to individual companies.
- Even though you may not see how the benefits of IPv6 are going to help your company you need to be more “green” about it and realize that your migration will benefit not just you. By participating now you are helping the whole networked world become a better place. And that means many of the same things it means to be green: it’s going to cost you money you’d rather not spend, it won’t be convenient on the front-end (it may actually be painful at first) and there is no guarantee that your neighbors are going to do their part in the near future.
So there you have it. Give it some thought.

I disagree with your first point (that RFC1918 space is bigger than even the largest enterprise). Comcast exhausted the 10/8 block several years ago, and that’s been driving them to migrate to IPv6.
Further, you can run into issues when RFC1918 spaces collide. For example, if two companies merge, and both are using 1918 space, you will likely have to renumber one of the networks. IPv6 nicely solves this problem.
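The merger scenario in the comment above, worked through as an added example (not part of the original post or comment): it finds the RFC 1918 subnets that collide between two constructed address plans, then builds a unique-local /48 with a random 40-bit Global ID in the RFC 4193 layout. Using `secrets` for the Global ID is a simplification of the RFC's suggested generation procedure, and both address plans are invented.

```python
import ipaddress
import secrets

def colliding_subnets(plan_a, plan_b):
    """Return (a, b) pairs of subnets that overlap and would force a renumbering."""
    nets_a = [ipaddress.ip_network(n) for n in plan_a]
    nets_b = [ipaddress.ip_network(n) for n in plan_b]
    return [(str(a), str(b)) for a in nets_a for b in nets_b if a.overlaps(b)]

def random_ula_prefix():
    """Build fdXX:XXXX:XXXX::/48: the fd00::/8 prefix plus a random 40-bit Global ID."""
    global_id = secrets.randbits(40)
    value = (0xFD << 120) | (global_id << 80)  # low 80 bits stay zero for a /48
    return ipaddress.IPv6Network((value, 48))

# Constructed address plans for two merging companies.
COMPANY_A = ["10.0.0.0/16", "10.1.0.0/16", "192.168.10.0/24"]
COMPANY_B = ["10.1.128.0/17", "172.16.0.0/20", "192.168.10.0/24"]

if __name__ == "__main__":
    for a, b in colliding_subnets(COMPANY_A, COMPANY_B):
        print(f"collision: {a} overlaps {b}")
    # Two independently chosen Global IDs match with probability 2**-40.
    print("site A ULA:", random_ula_prefix())
    print("site B ULA:", random_ula_prefix())
```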