In a previous post (http://www.itdojo.com/blog/?p=6) I discussed the inevitability of an IPv6 migration for all of us. It is going to happen and you are going to do it. The question, of course, is when. Before the when occurs I think we all need to come to grips with the “why” of the migration. I’m a big fan of IPv6. Of this there is no doubt. I have been itching for the migration to gain momentum for several years. It recently occurred to me that I want the migration for reasons that really don’t matter to most. I love technology (“…but not as much as you, you see. But I still love technology. …Always and forever …always and forever…”). I love it because it’s cool. Something like a protocol migration is right up my alley. I do have to admit that neither love nor coolness is a valid reason for a migration. That fact has always left me a little lost for words when people ask me why they should migrate. No matter how loudly and emphatically I shout I’m still not winning over the masses.
So what are the real reasons to migrate? Are there any valid points I can make to convince an organization to get moving on this? Well, yes. Sort of. I can make a few points but I fear the average company is not going to be swayed by them. When I think about the reasons why a company should move to IPv6 I can’t help but draw some comparisons to the current “green” movement going on in America (and the rest of the world). I am not a terribly green person. Don’t get me wrong, though. I don’t throw trash out the window while I’m driving and I don’t find any sport in standing on my front porch emptying CFC-containing cans into the air. I also don’t make day-to-day decisions that put me in the “green” category. The reason is simple: I’m just not buying the hype. Right or wrong, I don’t believe that my choices make that much of a difference. I do not drive a hybrid and I don’t plant a tree to offset my carbon signature every time I drive up north. I don’t deny gale force winds from my AC unit and I would rather burn the leaves I rake than bag them up. My decisions and my lifestyle work for me. Today, in the here and now, they work. I may be a dummy and I may be so incredibly wrong that I’ll come to regret it later, and if you’re one of those greenies getting ready to blaze me up with an email telling me all the reasons why I should care, don’t bother. Despite your presentation of facts (yes, I saw An Inconvenient Truth, http://en.wikipedia.org/wiki/An_Inconvenient_Truth) and despite the passion with which you write, I won’t be swayed. I’m just not ready to believe the hype (yes, I can actually hear Chuck D singing in my head right now: http://www.youtube.com/watch?v=yVMbnF9-l5w). I can’t (or won’t) see far enough beyond my own day-to-day needs to make a change that I see as nothing more than an expensive way to give up convenience, quality and performance in order to be politically correct. There. I said it. So how does my lack of greenness relate to IPv6?
Simple: I’m Corporate America. The same way I feel about being green is how Corporate America feels about moving to IPv6. In effect, it’s a lack of perspective on a larger scale. Moving to IPv6 may have more benefits for the world Internet community than it does for the individual company. That fact may be a part of the reason we are moving so slowly toward IPv6. Getting companies to believe means that they are going to have to accept that some of the reasons aren’t selfish, that they are ultimately for the greater good.
So what were those migration reasons? Who do they really benefit? The world or the organization? Well, here they are (note: props to Joseph Davies for bulleting these points in his book, Understanding IPv6):
- IPv6 eliminates the current address depletion issue. We are running out of IPv4 addresses at a rapid rate. I firmly believe that IPv6 will eliminate any space issues well beyond my lifetime. My wildest contemplations cannot conjure up a way we can exhaust this address space.
Benefit: Global. In today’s IPv4 networks we don’t have any real address space pressure. The RFC 1918 Private Address Space is bigger than even the largest company (several times over). Nobody is really running out of IPv4 addresses in their internal enterprise.
- IPv6 solves the disjoint IPv4 address space problem. All of our networks have an inside and an outside. The inside usually uses private IP addresses. The outside uses public IP addresses. We use NAT to translate traffic as it moves between the two. With IPv6, globally routable addresses will be assigned to every device in the enterprise (that’s the plan, at least. You do have some control over that).
Benefit: Organization. The fact that the organization is benefitting isn’t immediately evident to the organization. The very idea of having every node in your enterprise “on the Internet” (which it is if it has a public IP address) causes security folks to go into vapor lock. Let me be clear on this point: get over it! Public IP addresses and NAT don’t protect your internal network. Firewalls do. A NAT device decides whether or not a packet will be translated, and the state table that lets a reply back in is the same stateful inspection a firewall performs. The “making decisions” part is firewalling. Remove the need for NAT and leave the firewalling in place: a default-deny inbound policy that permits established and related flows gives an IPv6 host the same protection it had behind NAT, minus the address rewriting. That’s how we roll with IPv6. Done.
- IPv6 solves the internal address allocation problem. Because address space is so plentiful in IPv6 you will (should) no longer have to pay a premium for having more public IP addresses. There is no longer a gap between the number of public addresses and the number of nodes in your network.
Benefit: Organization. See the previous point.
- IPv6 restores end-to-end communications. Ahhh, NAT. NAT sucks. It is a cancerous lesion on today’s networks. Most of us don’t quite realize that though. We’ve been using it for so long that we’ve come to believe that it’s supposed to be here. Well, it’s not. It was an afterthought and it wasn’t designed to allow much more than TCP, UDP and ICMP to pass through it. All the other protocols suffer. We typically find ourselves smuggling everything else through a NAT by packaging it up inside UDP (or TCP). It’s overhead on top of latency and it’s a silly way of doing things. Having said that there are two things I must say about NAT. It’s clever and it works. Because we can wrap most anything with a UDP header and because it does actually work it makes many of us unwilling to recognize that there is a problem.
Benefit: Organization, but only if you are an organization that needs to use non-standard protocols. By non-standard I mean anything other than TCP, UDP and ICMP, of course.
- IPv6 uses scoped addresses and address selection. Link-local (fe80::/10), unique-local (fc00::/7, in practice fd00::/8) and global unicast (2000::/3) addresses allow traffic to be sent to other nodes on a somewhat limited basis. Traffic sent to a link-local address will never leave the local network segment; routers do not forward it. Traffic sent to a unique-local address should never leave your enterprise (in theory; your border filtering is what enforces it). Traffic sent to (or from) a global unicast address can go anywhere in the galaxy as long as there is a route to get it there. Because a node normally holds one address of each type, source address selection rules (RFC 3484, since replaced by RFC 6724) decide which source address is used for a given destination.
Benefit: Organization. Scoped addresses provide a basic level of containment. If you want to make sure a packet will never travel past a certain point, use a link-local or a unique-local address. A hiccup in your firewall rules is less painful because the traffic simply isn’t designed to go past that point. One caveat: link-local scope is enforced by every router on the path, while unique-local scope depends on your border dropping fc00::/7 in both directions and on no upstream carrying a route for it, so keep that border rule in place. And each node in your enterprise can (and likely will) have one of each of these address types.
- IPv6 has more efficient packet forwarding. IPv6 headers are a fixed size (40 bytes); options that would have lengthened an IPv4 header live in extension headers instead. An unchanging header size brings with it the promise of hardware optimized to deal with it. This means that the actual packet switching process will become faster. In addition to this the IPv6 address space is being carefully distributed at a global level and the hope is that routing tables will be significantly smaller than the IPv4 tables we have today. This promises faster routing decisions for packets moving through the Internet.
Benefit: Global. Yes, individuals benefit but this one is really a bigger benefit to the masses. It is somewhat similar to fixing a bad traffic pattern that causes a lot of congestion. It sucks when you’re caught in it but a lot more people are being affected than you.
- IPv6 has support for security and mobility. IPsec support was written into the IPv6 node requirements as mandatory (RFC 4294; it was later relaxed to a SHOULD in RFC 6434) and mobility support is optional. They are built in. They are not add-ons like they are today. Mobility has been tweaked a bit but IPsec is largely the same animal we know today. Because the functionality previously provided by ARP and IGMP has been absorbed into ICMPv6 (Neighbor Discovery replaces ARP, Multicast Listener Discovery replaces IGMP, and both are carried in ICMPv6 over multicast) they can in principle be secured with IPsec. In practice, protecting Neighbor Discovery with IPsec runs into a bootstrapping problem (you need the neighbor’s address before you can set up a security association with it), which is why SEND (RFC 3971) exists; treat “ND can be secured” as possible, not free. Even things like DHCPv6 can be secured with IPsec if you want them to be.
Benefit: Organization. The lack of NAT and the integration of IPsec into IPv6 will make VPNs much easier to deploy (no more UDP encapsulation just to get ESP through a translator). Absorbing the jobs of ARP and IGMP into ICMPv6 makes securing everyday management traffic a lot easier, too.
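The scoped-address and address-selection point above is easy to see in code. What follows is an added example written for this page, not code from the original post or from any vendor: it classifies an address by scope, says whether a border router should ever see it, and implements a simplified version of the source selection rules (prefer the smallest scope that still reaches the destination, then the longest matching prefix). All addresses in it are constructed for illustration.

```python
"""Classify IPv6 addresses by scope and pick a source address (added example,
not code from the original post). Standard library only; the addresses used
in __main__ are constructed for illustration."""
import ipaddress

# Well-known prefixes: RFC 4291 (link-local, multicast), RFC 4193 (unique-local), RFC 3587 (global)
LINK_LOCAL = ipaddress.IPv6Network("fe80::/10")
UNIQUE_LOCAL = ipaddress.IPv6Network("fc00::/7")    # fd00::/8 is the half you actually assign
GLOBAL_UNICAST = ipaddress.IPv6Network("2000::/3")
MULTICAST = ipaddress.IPv6Network("ff00::/8")

# Multicast scope is the low nibble of the second byte (RFC 4291 section 2.7, RFC 7346)
MCAST_SCOPES = {1: "interface-local", 2: "link-local", 3: "realm-local", 4: "admin-local",
                5: "site-local", 8: "organization-local", 0xE: "global"}
# How far a unicast scope may travel; a larger rank may be used toward a smaller one, never the reverse
SCOPE_RANK = {"link-local": 1, "unique-local": 2, "global": 3}


def scope(addr):
    """Return the scope name for a textual IPv6 address."""
    a = ipaddress.IPv6Address(addr)
    if a.is_unspecified:
        return "unspecified"
    if a.is_loopback:
        return "loopback"
    if a in MULTICAST:
        nibble = a.packed[1] & 0x0F
        return "multicast/" + MCAST_SCOPES.get(nibble, "reserved(%x)" % nibble)
    if a in LINK_LOCAL:
        return "link-local"
    if a in UNIQUE_LOCAL:
        return "unique-local"
    if a in GLOBAL_UNICAST:
        return "global"
    return "other"


def may_leave_enterprise(addr):
    """True only for addresses a border router should ever see as source or destination."""
    return scope(addr) in ("global", "multicast/global")


def _destination_rank(dst):
    s = scope(dst)
    if s.startswith("multicast/"):
        m = s.split("/", 1)[1]
        if m in ("interface-local", "link-local"):
            return 1
        return 3 if m == "global" else 2
    return SCOPE_RANK.get(s)


def _common_prefix_len(a, b):
    x = int(ipaddress.IPv6Address(a)) ^ int(ipaddress.IPv6Address(b))
    return 128 - x.bit_length()


def select_source(candidates, destination):
    """Simplified RFC 6724 (originally RFC 3484) source selection: prefer the smallest
    scope that still reaches the destination, then the longest matching prefix.
    Returns None when no candidate has sufficient scope (e.g. only link-local, global target)."""
    need = _destination_rank(destination)
    if need is None:
        return None
    usable = [(SCOPE_RANK[scope(c)], c) for c in candidates
              if scope(c) in SCOPE_RANK and SCOPE_RANK[scope(c)] >= need]
    if not usable:
        return None
    best = min(rank for rank, _ in usable)
    same_scope = [c for rank, c in usable if rank == best]
    return max(same_scope, key=lambda c: _common_prefix_len(c, destination))


if __name__ == "__main__":
    host = ["fe80::1", "fd00:1::1", "2001:db8:1::1"]       # constructed: one address of each type
    for dst in ("fe80::2", "fd00:1::2", "2001:db8:2::2", "ff02::1", "ff0e::1"):
        print(dst, scope(dst), "->", select_source(host, dst),
              "leaves enterprise:", may_leave_enterprise(dst))
```

The `None` return is the interesting case: a host that only has a link-local address has nothing it can legitimately use to talk to a global destination, which is exactly the containment the post describes. Real stacks apply more rules than this (preferred vs deprecated addresses, temporary addresses, label tables), but scope-then-longest-prefix is the part that decides whether a packet can even leave the segment.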
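Two of the points above, the fixed 40-byte header and the ARP replacement carried in ICMPv6 over multicast, can both be seen in a single packet. The following is an added example written for this page, not code from the post or from any product: it builds a Neighbor Solicitation for a constructed target, computes the ICMPv6 checksum over the IPv6 pseudo-header, and parses it back, rejecting anything with a bad checksum or the wrong hop limit. The source address fe80::1, target 2001:db8::5 and MAC 00:11:22:33:44:55 are made up.

```python
"""Build and parse an IPv6 Neighbor Solicitation (added example, not from the original post).

Demonstrates the fixed 40-byte IPv6 header and that Neighbor Discovery, the ARP
replacement, is plain ICMPv6 sent to a solicited-node multicast group.
Addresses and the MAC used below are constructed for illustration.
"""
import ipaddress
import struct

IPV6_HEADER_LEN = 40          # fixed; options live in extension headers
NEXT_HEADER_ICMPV6 = 58
ND_NEIGHBOR_SOLICITATION = 135
ND_HOP_LIMIT = 255            # RFC 4861: receivers drop ND with hop limit != 255


def solicited_node_multicast(target):
    """ff02::1:ffXX:XXXX where XX:XXXX are the low 24 bits of target (RFC 4291 2.7.1)."""
    low24 = int(ipaddress.IPv6Address(target)) & 0xFFFFFF
    base = int(ipaddress.IPv6Address("ff02::1:ff00:0"))
    return str(ipaddress.IPv6Address(base | low24))


def ones_complement_checksum(data):
    """Internet checksum (RFC 1071); returns 0 when data already carries a valid checksum."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def pseudo_header(src, dst, upper_len, next_header):
    """RFC 8200 section 8.1: src, dst, 32-bit upper-layer length, 3 zero bytes, next header."""
    return (ipaddress.IPv6Address(src).packed + ipaddress.IPv6Address(dst).packed
            + struct.pack("!I3xB", upper_len, next_header))


def build_ipv6_header(src, dst, payload_len, next_header, hop_limit):
    version_tc_flow = 6 << 28  # version 6, traffic class 0, flow label 0
    return struct.pack("!IHBB16s16s", version_tc_flow, payload_len, next_header, hop_limit,
                       ipaddress.IPv6Address(src).packed, ipaddress.IPv6Address(dst).packed)


def build_neighbor_solicitation(src, target, src_mac):
    """Wire bytes of an NS for target, as sent by a host resolving target's link-layer address."""
    dst = solicited_node_multicast(target)
    # type, code, checksum (0 while computing), reserved, target address
    icmp = struct.pack("!BBHI16s", ND_NEIGHBOR_SOLICITATION, 0, 0, 0,
                       ipaddress.IPv6Address(target).packed)
    # Source Link-Layer Address option: type 1, length 1 (in units of 8 bytes)
    icmp += struct.pack("!BB6s", 1, 1, src_mac)
    csum = ones_complement_checksum(pseudo_header(src, dst, len(icmp), NEXT_HEADER_ICMPV6) + icmp)
    icmp = icmp[:2] + struct.pack("!H", csum) + icmp[4:]
    return build_ipv6_header(src, dst, len(icmp), NEXT_HEADER_ICMPV6, ND_HOP_LIMIT) + icmp


def parse_ipv6_header(packet):
    """Decode the fixed header; every field sits at the same offset in every IPv6 packet."""
    v_tc_fl, plen, nh, hl, src, dst = struct.unpack("!IHBB16s16s", packet[:IPV6_HEADER_LEN])
    return {"version": v_tc_fl >> 28, "traffic_class": (v_tc_fl >> 20) & 0xFF,
            "flow_label": v_tc_fl & 0xFFFFF, "payload_length": plen, "next_header": nh,
            "hop_limit": hl, "src": str(ipaddress.IPv6Address(src)),
            "dst": str(ipaddress.IPv6Address(dst))}


def parse_neighbor_solicitation(packet):
    """Validate and decode an NS; returns None if it is not a well-formed, intact NS."""
    hdr = parse_ipv6_header(packet)
    body = packet[IPV6_HEADER_LEN:IPV6_HEADER_LEN + hdr["payload_length"]]
    if (hdr["next_header"] != NEXT_HEADER_ICMPV6 or hdr["hop_limit"] != ND_HOP_LIMIT
            or len(body) < 24):
        return None
    if ones_complement_checksum(
            pseudo_header(hdr["src"], hdr["dst"], len(body), NEXT_HEADER_ICMPV6) + body) != 0:
        return None
    icmp_type, code, _csum, _reserved, target = struct.unpack("!BBHI16s", body[:24])
    if icmp_type != ND_NEIGHBOR_SOLICITATION or code != 0:
        return None
    src_mac = None
    opts = body[24:]
    while len(opts) >= 8:                      # TLV options, length in 8-byte units
        otype, olen = opts[0], opts[1] * 8
        if olen == 0:
            return None                        # RFC 4861: a zero-length option is invalid
        if otype == 1 and olen == 8:
            src_mac = opts[2:8]
        opts = opts[olen:]
    return {"src": hdr["src"], "dst": hdr["dst"],
            "target": str(ipaddress.IPv6Address(target)), "src_mac": src_mac}


if __name__ == "__main__":
    pkt = build_neighbor_solicitation("fe80::1", "2001:db8::5", bytes.fromhex("001122334455"))
    print(len(pkt), parse_ipv6_header(pkt))
    print(parse_neighbor_solicitation(pkt))
```

Note where the security lives: the hop limit of 255 is the only thing that stops an off-link attacker from injecting ND traffic through a router, and the source link-layer address option is exactly the field a spoofer would forge, which is the gap SEND (RFC 3971) was written to close.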
Even though the bullets above seem to point to the individual organization reaping the biggest benefit for an IPv6 migration we have to acknowledge that the network implementations we have today are working. No, they are not optimal but they do work. And that means that the only real way for organizations to get serious is to come to terms with two points:
- Networks today are not optimal and IPv6 will make them better. Even though they are functional they are not performing as well as they could be. IPv6 networks will produce an environment that will increase performance. Most of that performance increase will come to the Internet as a whole and not so much to individual companies.
- Even though you may not see how the benefits of IPv6 are going to help your company you need to be more “green” about it and realize that your migration will benefit not just you. By participating now you are helping the whole networked world become a better place. And that means many of the same things it means to be green: it’s going to cost you money you’d rather not spend, it won’t be convenient on the front-end (it may actually be painful at first) and there is no guarantee that your neighbors are going to do their part in the near future.
So there you have it. Give it some thought.
A few weeks ago I had a student in class who was a very smart and experienced IT guy. During a discussion on a break he nostalgically mentioned that he missed the days when it was possible to know virtually everything in the world of IT. Those days have been gone for a long time but it was once fairly true; you could know almost everything. Things just weren’t as complex and intricate as they are today. Now, I know that what I am today calling complex will seem so simple and elementary in 10 years but for now each day is a new pinnacle.
My student’s comment got me thinking about something that I have carried around in my head since high school (i.e. just a tick under 20 years). I was a linebacker on my high school football team and one Friday night, while playing Garfield High School up in Northern Virginia, something simple yet remarkable happened. Garfield was set to kick off the ball and they were kicking into the wind. The kick was very high and very short. As I watched from the sidelines I saw my teammate run up under the ball and then, sensing the stampede of Garfield players coming towards him, decide he was going to let the ball hit the ground. He ran out of the way of the ball to avoid having it hit him. The ball hit the ground and rolled to a stop. My teammates as well as the Garfield players all began trotting off the field. One player on the Garfield side was acting weird. He continued to sprint toward the ball, knocking surprised players from both sides of the field out of the way in the process. In what appeared to be an idiotic moment he dove on top of the ball while everyone on the field sat and watched with a sense of curiosity …except the referee. After he jumped on the ball the ref blew the whistle and then gave the signal to indicate that the ball was dead, and it was 1st and 10 for Garfield!!! My teammates reacted in protest and Garfield’s players, most of whom didn’t understand what had just happened, celebrated.
What did happen? On the field that night were 22 football players. One of them was a student of the game. He knew the rules and he knew how the game is played. He studied the game in every aspect and knew things that other players didn’t. In football a kickoff is different from a punt. After the ball goes 10 yards on a kickoff it is a live ball and anyone can retrieve it (in the NFL you can pick it up, but not in high school …at least when I was in high school). As a student of the game, he stood out. That guy, who I never knew, and that moment have been in my head for more than 20 years. I learned an important life lesson that night and I have applied it to almost everything I do in life, Information Technology included.
I have to admit that it is no longer possible to know everything. I’m sad about it because there is so much really cool stuff going on in the world of IT today that I feel like I’m missing out on some really neat things. I just can’t keep up. None of us can. Having said that, you still have to be what the Garfield player was so many years ago: a student of the game. No, you don’t have to know everything but you do need to know something about everything. I have long since come to believe that the world of IT is analogous to the world of medicine. In the medical field your family doctor is a general practitioner; they know a little bit about a lot of things. When something comes up that is beyond their level of knowledge they refer you to a specialist. The specialist has a little bit of knowledge about a lot of things but has a lot of knowledge about something specific. That is the direction the world of IT has gone …almost.
Many of us have become very specific in what we do. There are people who focus exclusively on switches (in the LAN), routers (in the WAN), the desktop OS and the servers on the backend. There are developers, database admins and security specialists. Security specializations have become so specific that some of us just focus on one aspect of security (IPS/IDS, firewalls, VPNs, etc.). Applications have become so big and feature rich that some of us specialize only in an app (Microsoft Exchange, for instance). The specialization we see today is cool and to some extent necessary. Again, things are much more involved than they once were. The problem I see is that we are consistently becoming too compartmentalized, focused only on our part of the whole. That is a dangerous direction. Because things are becoming more and more distributed and internetworked it is no longer acceptable for you to specialize only in certain things. You have to become a student of the whole game, not just your position. If you are a firewall administrator you need to learn about database management and application development. You don’t have to be a rockstar, just don’t be an idiot. Read a book on programming; write a little code of your own. Learn how Active Directory works, explore Microsoft Exchange. Learn the fundamentals of 802.11 wireless LANs and how 802.11i helps to secure the wireless world. Develop a working knowledge of HTML and CSS. Learn a little bit about PHP and MySQL so you can appreciate the revolution they long ago created on the World Wide Web. Take some time to learn how XML and XSL are changing the world. It’s crazy what it can do. Even though these things don’t always apply directly to your job responsibilities you will find that you are better at what you do as a result. Become a student of the game. Learn new things. If you do, there will be more days where you are that 1 out of 22 that teaches us all something about the way things work.
New site out there … wish I thought of it. http://www.glassdoor.com
Glassdoor is a site that allows you to review your current employer and anonymously tell how it really is to work where you work. Their “show me yours and I’ll show you mine” approach is going to be a hot topic in short time. Are you thinking about working for Booz-Allen? How about Northrup-Grumman? Well, make a visit to glassdoor and see what employees are saying before you decide to buy in to the hype being sold to you by the recruiters. Is it true or a bunch of bunk? I’ve heard that Booz is a very cool place to work and most of the people I know who work there are pretty happy but I’ve only met a few of its people. I wonder how the majority feels. Glassdoor is going to help us know the truth.
If I have a fear about glassdoor it’s that it will do little else than serve as a place for people to bitch about how much their company sucks. Hopefully we will get a blend of good and bad so it can become a useful tool. Time will tell. Grumpy people tend to post more than happy workers. For now, head over there and tell us what’s up at your shop. Is it awesome? Does it suck? After you do that, start seeing what they have to say about places you think you’d like to work. Maybe glassdoor will change your mind …or solidify your desire.
I’m working from home today. And I’m increasingly not alone. How many times a day do you hear people talking about the price of fuel? I’m just as sick of talking about fuel as I am of paying for it. Up to this point I have heard a lot of grumbling about gas prices but I personally have not met a large number of people who are changing how they live their lives as a result. But that is changing. As I write this regular unleaded is a little over $4/gallon and diesel (which both of my cars use) is about $4.75/gallon. My most fuel efficient car gets about 26 MPG in the city and when I do the math on my commute I am spending about $8/day getting to and from work (and yes, my wife and I ride together to the office). $40/week or $160/month is not a fun amount to pay but it’s not causing me to move yet either. But for some people, things are getting more and more difficult.
Now, I don’t have long-term solutions or political rhetoric to spew here. My spidey senses, however, tell me a change is arriving as I type. That change is the telecommuter. Having no idea what fuel prices will eventually rise to, I foresee a time in the near future when an increasingly large number of employees work from home at least part of the week.
Let’s consider the average office worker, Tyler. Tyler makes about $35K and commutes about 40 miles round trip to work. His car, which he is upside down on and can’t trade in, gets about 18 MPG in the city. Assuming gas is $5/gallon he is spending about $50/week on fuel just for his commute to the office. That’s $200/month, $2,400/year (not counting holidays, vacations, etc.). Back when fuel was $2.50/gallon (which I remember everybody said was insane) it was $1,200/year and back when prices were reasonable ($1.25/gallon) it was a mere $600 per year. In the past 3-4 years Tyler’s annual commute cost has quadrupled, an increase of $1,800 in real dollars. Tyler is going to react. One of his many reactions is going to be to go to his boss and say, “I want a raise.”
A raise of $1,800 is a little over 5% given Tyler’s current salary and most companies don’t give 5% raises. What’s more, if they did give a 5% raise it would only bring Tyler back to even. None of the other collateral increases Tyler is experiencing because of increased fuel costs are being addressed (groceries, etc.) And if we factor in the taxes involved on the additional $1,800 in salary it really won’t even cover his increased fuel cost. Tyler would need an 8% or 9% raise to accomplish that. Companies are not likely to be able to afford giving workers bumps in salary like that so I see a few choices:
1) Tell the employee that they will not get a raise and risk losing them (we’re assuming Tyler is an employee you want to retain)
2) Let Tyler work from home 2-3 days/week and provide him a laptop that has VPN connectivity to the office.
And here is where the IT shop comes into play. I believe that we will begin to see a lot more users given laptops and extended the opportunity to work from home. On paper it makes sense for the company. The choice between paying Tyler an additional $1,800/year or buying him a $900 laptop that he can use for multiple years isn’t a choice at all. As an extra bonus, Tyler is going to like his job even more because of the new flexibility in his work schedule. An arguably better bonus for the company is that if you buy the laptop you now have a depreciating asset on the books and that’s got some benefits come tax time.
The moral of the story is this: IT people, get to work on your VPN skills and make sure your remote management mojo is in high-gear. Our workforce is about to stop coming in to the office. And one thing is true about VPN technologies: When they work they tend to be great. When one little thing is wrong, they don’t work at all. Your ability to sit down at Tyler’s computer is about to get a lot harder …unless you drive out to his house, of course. Be sure to fuel up before you go.
The stage was set before the price of fuel went out of control: VPNs, VoIP and really easy video conferencing. In hindsight these technologies were solutions waiting for really good problems. Well, now we have one…
“You hear that? That is the sound of inevitability…” - Agent Smith, The Matrix.
You will migrate to IPv6. It will happen. You will not be able to resist.
Corporate America is resisting IPv6. It doesn’t appear to be active. The resistance is quite passive, really. Ostriches with heads buried snugly in the sand. Many of us have heard the rhetoric surrounding IPv6. A few of us have even listened …a little bit. But the reality is that most of us are paying the same amount of attention to the harbingers of IPv6 that we pay to the disheveled looking guy on the street wearing a “The End is Near” sign on his chest. You give him a wide berth and shake your head in disdain to show that you too realize that he has lost his grip on reality. He is confused, disillusioned. “Poor fool”, you think. If only he were to look around and see that everything is fine. The end is not near. Everything is working. Things are always getting better. Things are comfortable, familiar and right.
Or are they? Who is disillusioned? Is it him or us? Does a crazy person realize he is crazy? If not, how do you know you aren’t the one getting the wide berth from others?
Sometimes things are broken. Even though they are broken we learn to live with them. We tape them together and add extra screws and supports to make them stay put. We patch ’em up so they function and, over time, we tend to forget that they’re not really right. We’ve got the thing working and the patch we made starts to feel normal. We adapt and become quite adept at using broken tools. Over a really long time we begin to think that the patches are normal; that it’s the right way to put things together. Using this point it is my regretful duty to inform you that your current networking implementation is broken. Don’t disagree with me. Just pay attention. It has been broken for so long that you don’t even realize it. In fact, unless you’ve been around for a VERY long time you were probably taught the broken way of implementation from day one. We have been doing it for a long time now. I know this to be true because I am the teacher. I have been teaching people how IP works for years. I teach IP-based network implementation, IP-based network design and security and I teach IP-based network troubleshooting. And, for the most part, I have been teaching people how to build and maintain IPv4 networks using duct tape and popsicle sticks. I have been teaching it this way because it’s really the only practical way to do it. IPv4, you see, isn’t supposed to be here. We outgrew it long ago. We grew so fast that we didn’t have a chance to do it right. We found workarounds and patches to allow IP to continue to work for us even as we outgrew it. Those workarounds are things that many of us think of as normal. Subnetting and CIDR (which replaced the original classful addressing), Network and Port Address Translation (NAT & PAT) and Private IP Addressing (to name a few) are all afterthoughts; workarounds to allow an address space to function in a world where it was quickly becoming obsolete.
The problem with things like NAT and Private IP addressing is that for the most part they work very well and that has allowed them to overstay their welcome and lull many of us into submission, thinking that everything is working as it should.
If you are comfortable with the status quo and are resisting IPv6, actively or passively, you are screwing up the single biggest IT opportunity you will ever have. I seriously mean that. Take a moment and think about your organization and all the ones for which you have worked before. Were they models of efficiency with systems and solutions only put in place after careful contemplation, expert design and lengthy testing? Or did they start out with good intentions only to get lost in the day-to-day grind, becoming a patchwork quilt of compromises, workarounds and disabled features? Those who identify with the latter are in the majority. Few of us have ever been able to build a network from scratch. It’s not a common opportunity. But with IPv6 virtually every shop on the planet gets a fresh slate, a chance to do it right. As of this moment you still have the ability to carefully design and deploy your IPv6 network. You have this chance only for a limited amount of time. Soon the pace of IPv6 will begin to accelerate faster than any of us anticipate. You will wake up one day and find yourself behind everyone else. You will enter into panic mode and you will deploy IPv6 quickly without the necessary time devoted to planning and design. You will have lost your opportunity. Don’t let it happen. Get smart about IPv6 now. The migration is underway.