RFC 5453 is one of the shortest RFCs I have ever read.
RFC 5453, the most recent RFC dealing with IPv6 (a statement that will be true for about the next 10 minutes), addresses a real, albeit fairly unlikely, scenario. The 64-bit interface identifier of a node’s global unicast address is randomly derived (via one of many possible mechanisms). There is a possibility that a node can randomly choose an interface ID (IID) that is reserved for a standardized service or process. This can have any number of negative effects on the unfortunate node as well as the service.
RFC 5453 simply starts a standardized list of 64-bit IIDs that are unavailable for node use. Vendors will be able to use this list to make sure their OSes don’t let nodes select addresses from the ranges defined in the RFC.
As of today there are two ranges defined; a short list no doubt. It will grow over time and now there is a standardized way to keep track of them all.
Simple. Efficient. Necessary.
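What that check looks like in practice, as an added example (not code from the post, the RFC or any vendor): the two ranges in the registry RFC 5453 creates are taken from the RFC itself since the post does not list them, the sample addresses are constructed in the 2001:db8::/32 documentation prefix, and the retry loop is the behaviour the RFC asks of a node that picks IIDs randomly.

```python
"""Check a candidate IPv6 interface identifier (IID) against the reserved-IID
registry created by RFC 5453, and re-draw a random IID when it is reserved.
Added example for this post; not from the RFC or any vendor implementation."""
import ipaddress
import random

# Initial registry contents as published in RFC 5453 section 3 (these values
# come from the RFC, not from the post):
#   0000:0000:0000:0000                        Subnet-Router Anycast (RFC 4291)
#   FDFF:FFFF:FFFF:FF80 .. FDFF:FFFF:FFFF:FFFF Reserved Subnet Anycast (RFC 2526)
RESERVED_IIDS = (
    (0x0000_0000_0000_0000, 0x0000_0000_0000_0000),
    (0xFDFF_FFFF_FFFF_FF80, 0xFDFF_FFFF_FFFF_FFFF),
)

IID_BITS = 64
IID_MASK = (1 << IID_BITS) - 1


def iid_of(address: str) -> int:
    """Return the low 64 bits (the interface identifier) of an IPv6 address."""
    return int(ipaddress.IPv6Address(address)) & IID_MASK


def iid_is_reserved(iid: int) -> bool:
    """True if the 64-bit IID falls inside any registered reserved range."""
    return any(low <= iid <= high for low, high in RESERVED_IIDS)


def address_is_reserved_iid(address: str) -> bool:
    """Does this full address carry an IID a node must not self-assign?"""
    return iid_is_reserved(iid_of(address))


def random_iid(rng=None) -> int:
    """Draw a random 64-bit IID, re-drawing if it lands in a reserved range.

    This is what RFC 5453 asks of nodes that generate IIDs randomly:
    never keep a candidate that collides with the registry.
    """
    rng = rng or random.SystemRandom()
    while True:
        iid = rng.getrandbits(IID_BITS)
        if not iid_is_reserved(iid):
            return iid


def build_address(prefix: str, iid: int) -> ipaddress.IPv6Address:
    """Combine a /64 prefix with an IID into a full global unicast address."""
    net = ipaddress.IPv6Network(prefix)
    if net.prefixlen != 64:
        raise ValueError("IIDs are 64 bits; expected a /64 prefix")
    return ipaddress.IPv6Address(int(net.network_address) | (iid & IID_MASK))


if __name__ == "__main__":
    # Constructed samples inside the documentation prefix 2001:db8::/32
    samples = (
        "2001:db8:1:2::",                    # all-zero IID: Subnet-Router Anycast
        "2001:db8:1:2:fdff:ffff:ffff:ff80",  # first Reserved Subnet Anycast IID
        "2001:db8:1:2:fdff:ffff:ffff:ff7f",  # one below that range: usable
        "2001:db8:1:2:21c:c0ff:fe12:3456",   # typical EUI-64 derived IID: usable
    )
    for sample in samples:
        print(f"{sample:36} reserved IID: {address_is_reserved_iid(sample)}")
    print("fresh random IID address:", build_address("2001:db8:1:2::/64", random_iid()))
```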
Cheers,
Colin Weaver
Subnetting. A simple thing that fills many with dread. The swirl of numbers flying about when discussing subnetted networks can make your head respond in kind. If subnetting wasn’t challenging enough we have long dealt with this thing, this ’subnet-zero’ thing. Discussion on the topic (this post included) lingers for some unknown reason. It vexes me. I even read a recent post (written about a month ago) that suggested NOT using it was still a viable concept. At the risk of taunting the author I shall refrain from links to that post. I can’t tell you how much I disagree with such a statement. Well, scratch that. I actually can tell you how much I disagree. Please enjoy:
First, a review: What is ‘ip subnet-zero’?
It’s a command you enter into a Cisco router (or L3 switch), actually. From global configuration mode you have two choices: ip subnet-zero or no ip subnet-zero. If you want to use this thing we call subnet zero you enter the former. If you don’t want to use it, enter the latter. And I don’t understand you if you don’t want to use it. Cisco doesn’t either. They have been telling you for a long time that you should be using it. The command has been enabled by default since IOS 12.0 which has been out for the better part of a decade. To stop using it you would have to intentionally go into the router and disable it (e.g. no ip subnet-zero). And who are you to disable a Cisco default? Hmmph. I thought so.
So it’s a command. Cool. But what does it actually do? In simple terms the command controls whether or not the all zeroes and all ones subnets are valid. Easy enough to say but it’s a little more involved to understand. Let me explain by way of example. Here is an example of a simple subnetting problem that uses subnet zero (and yes, I’m assuming you already have a little bit of subnetting skill):

In this example we take the 192.168.44.0/24 network and subnet it by 4 bits, dividing it into 16 networks. If we look at the newly created networks a little more closely we will see something interesting. Using the image below, notice that the first network has all of the subnet bits set to zero. Also notice that the last network has all of the subnet bits set to one. We call the network with the subnet bits set to zero the “all-zeroes subnet”. We call the network with the subnet bits set to one the “all-ones subnet”. Pretty clever names, I know. Collectively we refer to both of them as subnet-zero. Yeah, that makes sense? Deal with the weirdness.

Subnetting with IP Subnet-Zero
Two things you need to notice:
First: To the user, the all-zeroes subnet looks alarmingly like the original network. The original network was 192.168.44.0/24. The all-zeroes subnet is 192.168.44.0/28. Does that creep you out?
Second: The all-ones subnet has a decimal value equal to the subnet mask value in the last octet AND the broadcast address of the all-ones subnet is 192.168.44.255, which is identical to the broadcast address of the original network (192.168.44.0/24). How about that? Feeling spiders crawling up your legs?
What’s my point?
First: People got confused by the striking similarity between 192.168.44.0/24 and 192.168.44.0/28. Let me restate that in case you didn’t catch it. People got confused by… (never mind the rest, it doesn’t matter). The important word, in case you missed the italics, is PEOPLE. Computers, routers and other network devices were NEVER confused by the apparent similarity. To the computer, a device which thinks only in binary, 192.168.44.0/24 is just as similar to 192.168.44.0/28 as 11.12.0.0/14 is. The difference is plain to see for the computer. The same can’t be said for the fragile mental stability of the network administrator. Because people were confused the decision was made long ago to simply throw out the all zeroes subnet. Just don’t use it. Problem solved! Outta’ sight, outta’ mind! The word lame comes to mind. How, in this world of IP address space exhaustion, can you even begin to condone throwing away a perfectly good network for the sole purpose of preventing confusion with the network administrators? Uh, you can’t. Your network people need to get over it. Suck it up, use the addresses. “Waste is a thief!” (my token Fight Club reference)
But wait! There’s more!
Second: We didn’t just throw out the all-zeroes subnet. We threw out the all-ones subnet along with it. The confusion surrounding the decimal value of the last network being equal to the subnet mask, and the hosts having a decimal value greater than the subnet mask, combined with the whole “Hey, the broadcast address of the last network is the same as the broadcast address of the original network” thing, caused “they” (whoever they are) to toss out the all-ones subnet, too. What was that word again? Oh yeah! Lame.
The all-zeroes subnet and the all-ones subnet are both perfectly valid networks. They should be used and are used in environments that are motivated to squeeze all of the usefulness possible out of the IPv4 address space. So, if you haven’t been using it you need to get busy doing so. Have I mentioned that NOT using subnet-zero in IPv6 isn’t going to be an option? When your ISP gives you a prefix of 2001:ABCD:1234::/48 guess what your first usable network is going to be …2001:ABCD:1234::/64. How do you like them apples? Ha!
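The subnetting example above, worked in code as an added example (not from the original post): it splits 192.168.44.0/24 by four bits, labels the all-zeroes and all-ones subnets by their borrowed bits, and counts the host addresses that `no ip subnet-zero` throws away.

```python
"""Divide 192.168.44.0/24 into sixteen /28s, label the all-zeroes and
all-ones subnets, and show what 'no ip subnet-zero' costs.
Added example for this post, not code from the original."""
import ipaddress


def subnet_bits(parent: ipaddress.IPv4Network, child: ipaddress.IPv4Network) -> str:
    """Return only the borrowed (subnet) bits of `child` as a binary string."""
    borrowed = child.prefixlen - parent.prefixlen
    host_bits = 32 - child.prefixlen
    value = (int(child.network_address) >> host_bits) & ((1 << borrowed) - 1)
    return format(value, f"0{borrowed}b")


def label(bits: str) -> str:
    """Name the two subnets that 'no ip subnet-zero' forbids."""
    if set(bits) == {"0"}:
        return "all-zeroes subnet"
    if set(bits) == {"1"}:
        return "all-ones subnet"
    return ""


def subnet_table(network: str, borrowed: int) -> list:
    """Describe every subnet produced by borrowing `borrowed` bits."""
    parent = ipaddress.IPv4Network(network)
    rows = []
    for child in parent.subnets(prefixlen_diff=borrowed):
        bits = subnet_bits(parent, child)
        hosts = list(child.hosts())
        rows.append({
            "network": str(child),
            "subnet_bits": bits,
            "first_host": str(hosts[0]),
            "last_host": str(hosts[-1]),
            "broadcast": str(child.broadcast_address),
            "label": label(bits),
        })
    return rows


def usable_subnets(network: str, borrowed: int, subnet_zero: bool = True) -> list:
    """Subnets a router will let you use; with 'no ip subnet-zero' the
    all-zeroes and all-ones subnets are dropped."""
    rows = subnet_table(network, borrowed)
    return rows if subnet_zero else [row for row in rows if not row["label"]]


def wasted_host_addresses(network: str, borrowed: int) -> int:
    """Host addresses lost by disabling ip subnet-zero (network and
    broadcast addresses are not counted as hosts)."""
    dropped = [row for row in subnet_table(network, borrowed) if row["label"]]
    return sum(ipaddress.IPv4Network(row["network"]).num_addresses - 2 for row in dropped)


if __name__ == "__main__":
    for row in subnet_table("192.168.44.0/24", 4):
        print(f"{row['network']:18} bits={row['subnet_bits']} "
              f"{row['first_host']}-{row['last_host']} "
              f"bcast={row['broadcast']} {row['label']}")
    print("usable subnets with 'no ip subnet-zero':",
          len(usable_subnets("192.168.44.0/24", 4, subnet_zero=False)))
    print("host addresses thrown away:", wasted_host_addresses("192.168.44.0/24", 4))
```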
Colin Weaver
About a year and a half ago I was working on writing a book that forced me to learn that about 16-17% of the Earth’s population had Internet access. This is a stunningly low percentage of people. I laugh at myself whenever I get grumpy for not having connectivity every single place I go. My sense of entitlement to net access is pretty …American? Regardless, I expect it. I have to force myself to feel privileged for being in the incredibly small percentage that does have connectivity pretty much everywhere (thank you, mobile phone).
This morning I decided to see how the planet was coming along. Wow. What a bump. According to http://www.internetworldstats.com/stats.htm a little under 22% of the population is now connected. That shakes out to about 1.46 billion people. The number of connected people seems to be growing at about 4% per year. That’s impressive by itself but even more impressive when you consider the fact that the earth’s population is increasing at an insane rate at the same time.
IPv6 was designed with the year 2050 in mind; a time when we expect there to be somewhere around 10 billion people puttering around. Even with 100% penetration (e.g. everybody on Earth has Internet connectivity) there are still more than enough IP addresses to go around. And around. And around. In fact, with a population of 10 billion there are 2 billion /48 networks per person. Each /48 network has 65,536 possible subnets. Each subnet has 18.4 quintillion possible addresses. So that’s (2,000,000,000*65,536)*18.4 quintillion addresses per person. We should be good.

NAT - A Black Mark on IPv4's Name

NAT-free Network - Global Unicast Addresses for Everybody!!! Bye-Bye NAT!
What happens when there is no longer any pressure on the IP address space? Imagine there are more addresses available than we can conceive uses for (famous last words, I know). If there is no pressure on the IP address space why do you need a device to translate the private to the public (and back again)? Uh, you don’t. So, no pressure on address space means no NAT necessary. We still need the firewall function, of course. The need to protect the inside from the outside will remain forever. And there it is, the future: IP version 6. IPv6 virtually eliminates the pressure on the IP address space. Everybody on this planet will have enough IP addresses available to them that they will never again have to worry about whether or not there are enough IP addresses. Well good. That’s one less thing to worry about, right? All that remains is the need to firewall. And that is all that needs to stand between your so-called private network and the Internet. And that’s the way it should be. For some of us that will be a new paradigm. Without that false sense of security we get from NAT there are many who will feel exposed with their internal nodes having public IP addresses and only a firewall (or two or three or four) to protect them from the nasties. Trust me, it’s going to be OK.
IPv6!!!!
In the world I see my toaster will have an IPv6 address. So will my alarm clock, my washer and dryer, my dishwasher, my oven, my microwave, my home theater components, my remote controls, my light switches, my sprinkler system, my garage doors, my ceiling fans, my garbage disposal, my keg-erator, my hot water heater, my air conditioner, my water purifier and my refrigerator.
I know. Many of these devices already have IPv6 addresses. But I see a world beyond that. In the world I see the books in my library will have IPv6 addresses. They will be in my entertainment database and I can query a myriad of information about them. My system will look them up on-line and return an author bio, related materials, suggested readings, blog posts about the book and other such information. In the world I see all I need to do is buy the book and bring it home. When I come in the door it will be automatically detected and added to a pending queue in my database. Once approved it will become part of my collection. Its location will be monitored in my home. If I misplace it I will be able to use my wireless location system to find its exact location (was it in the upstairs or downstairs bathroom?). The current induced into the book by my RFID system will reveal all to me.
My car keys will never be lost in the house again. Neither will my TV remote control. Nor my cell phone or my wrist watch. Their location will be tracked. RFID. The IPv6 address of my keys will be different than those of my wife. I won’t find her keys. I will find mine. But …I love her so I will find her keys, too.
In the world I see the milk in my fridge will have an IPv6 address. So will the bread on my counter and the box of Triscuits in my pantry (Cracked Pepper and Olive Oil are the best). The Earl Grey tea (Picard) in my cupboard will have an IPv6 address and so will each individually labeled packet it contains. The cinnamon, tarragon, red peppers, basil and oregano won’t be left out. Those jars will also be IPv6 enabled. When I buy these products and bring them home they will be automatically added to my kitchen database. When they are used and disposed of they will be automatically removed. As they approach their last day of freshness I will receive an informational warning on my refrigerator display as well as on the main page of my home management system. If I choose I will also receive an email alert. Perhaps I will choose to have a periodic message played over my home sound system. So many choices. When they exceed their expiration date I will receive an email notification telling me of their demise. This includes my bananas, my apples and my pears. That little sticker on each piece of fruit …that’s got an IPv6 address that is read via RFID. Nothing will expire without my being warned. “Waste is a thief!” When is the Ben & Jerry’s I bought going to get freezer burned? I don’t know. But my kitchen does. She will tell me.
In the world I see the IPv6 address on my milk carton is only the beginning. I will not only know the expiration date of the milk but I will also know whether it is skim, 1%, 2% or whole. I will know the brand, the nutritional information and I will know how much milk is left in the container. I will be able to query this from work and know if a fresh glass is waiting for me upon my return. This is also true of tonight’s dinner. I’m feeling like breakfast for dinner. In the world I see I will be able to query my kitchen to verify the necessary ingredients are available to make waffles, sausage (patties, not links), bacon, scrambled eggs, English muffins, orange juice (I’ll need two glasses, please), coffee and fresh strawberries. If any ingredients are missing I will be notified and an order for the missing components of tonight’s dinner will be submitted to my favorite grocery store. The order will be pulled, paid for with my credit card linked account and waiting for me to pick up on my way home. Or maybe I will have it delivered. After dinner is done I will be able to store my leftovers in a programmable plastic container (patented burp!) indicating the contents, the date/time of storage and any other information I choose. No longer will I find moldy surprises at the back of the fridge. Carpe leftovers!
In the world I see my car will have an IPv6 address. Many of them, actually. After verifying that the doors are locked I will be able to start my car from my iPhone while shaving in my bathroom. The songs I downloaded last night to my home music library will be automatically synced to my car or, if I choose, my car will be connected via VPN to my home and will stream the content directly from my home library. This will be true no matter where I drive. My 200 terabyte movie library will be available to my daughter as we drive to visit grandma and grandpa. She will enjoy the latest high-definition episodes of Sesame Street or Max & Ruby. Or perhaps we will just talk to each other as we drive. Technology, after all, isn’t a babysitter. And of course, the oil filter will be IPv6 enabled, as will the other filters in the car. We shouldn’t forget the windshield washer fluid level nor the ability to synchronize my current mileage with the manufacturer’s recommended maintenance. It’s all there. Maintenance history, fuel economy, and tire wear …it’s all automatically recorded for me. Seeing a used car for sale with all the maintenance history will be the norm, not the exception.
In the world I see the air filters installed in my HVAC system will be changed regularly. I won’t forget about them any more. Their installation date is automatically recorded in my home management system (HMS) and I am notified when it is time to change them. If my supply of filters is running low I can configure my HMS to automatically order replacements. I need only accept them from the delivery driver, not even needing to know that they were ordered until they arrive. Or, if I don’t trust my system that much, I can approve the order before it goes out. My choice.
In the world I see the efficiency of my AC unit will be monitored. As the efficiency drops because the system gets dirty, I will be notified. A service call can be scheduled and paid for with the click of a button. As I come to trust her judgment I will let her (my HMS, that is) make the appointment for me automatically. I’ll know the work was done well because my system will report efficiency improvements to me. I’ll have evidence to support complaints of sub-par work. I will also be able to query the amount of hot water available in my hot water heater. I will be able to compile reports on hot water usage by user and/or faucet to determine who is consuming the greatest quantities. If my son is taking 40-minute showers while I’m at work, I’ll need to explain to him that it costs money to make water hot. If necessary, excessive use of hot water can be automatically deducted from his allowance (which is automatically deposited into his bank account, of course). This is also true of his propensity to stand in front of the open fridge, staring aimlessly at the food. Does he feel that cold air falling on his feet? It’s not cold air, actually. It’s nickels and dimes. Excessive use results in automated allowance deductions. But I don’t have to catch him doing it. My kitchen monitors when he opens the fridge, how long it stays open and what he takes out. I think it will be called a KIDS, a Kid Idiocy Detection System (or maybe it’s Kid Idiocy Prevention System, a KIPS). Did I mention that we all have RFID chips embedded under our skin?
In the world I see my liquor cabinet is also safe from my teenage daughter and her boyfriend. When I’m not home my HMS is configured to monitor when a bottle is moved or the amount in a bottle changes. Each bottle, like the milk in the fridge, comes with an IPv6 address. If a bottle is moved I am immediately sent an email and a text message. The cameras in my home security system also begin to automatically record the culprit.
In the world I see virtually everything will have an IPv6 address. IPv6 plus RFID will connect my home in ways I could not comprehend a few short years ago. Unlike some I welcome the time when this is true. Some people, those not like me, are horrified by the idea. We will probably never agree on things such as this. The gap is too wide between us. Why am I so happy to have a world like this? Simple:
1. I love technology (but not as much as you, ya’ see. But I still love technology …always and forever …always and forever).
2. This much technology so deeply integrated into our lives will require a MASSIVE amount of information networking and information security. And that’s what I do. This means I will ALWAYS have a job. …I guess you database types will be doing OK, too.
3. Did I mention that I love technology? I’m excited to see where we can go with this.
Other people are thinking about this. IPv6 is the enabler. The faster we move toward it, the faster the world I see will become a reality. Check out what RFID is doing, too.
Colin Weaver
ITdojo
You got one? Duh! You’re reading this so you’ve got one. You used it to get to this blog. Technically, I used it to get this blog back to you. But no matter. You know what that IPv4 address is worth? Well, in IPv4 land it’s worth exactly one (1) IP address. As I write, my public IPv4 address is 72.218.45.48. I’ve got a bunch of computers and other networked gadgets around the house, all of which are using private IP addresses that are NAT-ed to the public address and sent out into the great yonder we call the Internet. Ah, but you know all of this, right? I guess an IPv4 address is worth something more than an IPv4 loosey if you factor NAT into the equation. But, if you’ve read my other blog entries or had the lovely opportunity to hear my tirade against NAT during class or at a Taco Bell, you know that I hate NAT.
Do you know what your IPv4 address is worth on the IPv6 Internet? At first thought, you’d think nothing, right? Since I bother to bring it up you’d be wrong, of course. Your single IPv4 address (yes, even the one you are using at your house) is actually worth more IPv6 addresses than the whole of the IPv4 Internet …several trillion times over (at the very least). Let me explain.
IPv6 addresses are 128 bits long. IPv4 addresses are 32 bits long. The first 64 bits of an IPv6 address ultimately identify the network. The last 64 bits of an IPv6 address ultimately identify the node. This means that each network in IPv6 has 2^64 (2 to the 64th power) possible IPv6 addresses. That’s 18.4 quintillion possible nodes (and some change). Crazy huge, I know. So if you had 2 networks you’d have 36.8 quintillion possible IPv6 addresses. Three networks would give you 55.2 quintillion possible nodes and so on. It may surprise you to know that your single IPv4 address is already pre-mapped to not one, not two and certainly not three IPv6 networks; it’s mapped to 65,536 IPv6 networks. That means your lonely little IPv4 address actually represents 18.4 quintillion X 65,536 possible IPv6 addresses. All for you. You better get shopping. You need more toys that have IP addresses.
But how? How does a single IPv4 address become so many? IPv6’s architects created a nifty little mechanism called 6to4 that actually does what I’m describing. They started with a prefix of 2002::/16 and told us to take our 32-bit IPv4 addresses, convert them into hex and append them to the 2002. Converting my current IPv4 address (72.218.45.48) to hex gives me 48.DA.2D.30. If I drop the dots we use in IPv4 and insert the colons we use in IPv6 it will be 48DA:2D30. Append that to the 2002 and I’ve got 2002:48DA:2D30. That’s a total of 48 bits (2002 is 16 bits + my 32-bit IPv4 address, now expressed in hex). Writing that in official IPv6 syntax it will be 2002:48DA:2D30::/48. Remember that earlier I said the network portion of an address was ultimately 64 bits long? Well, here are the first 48 of them. The next 16 bits (48+16=64) are your subnet bits. Sixteen subnet bits have 65,536 possible combinations. That means you have 65,536 possible subnets. Mine, for instance, are:
2002:48DA:2D30:0000::/64 (which is actually written as 2002:48DA:2D30::/64)
2002:48DA:2D30:0001::/64 (which is actually written as 2002:48DA:2D30:1::/64)
2002:48DA:2D30:0002::/64 (which is actually written as 2002:48DA:2D30:2::/64)
2002:48DA:2D30:0003::/64 (which is actually written as 2002:48DA:2D30:3::/64)
2002:48DA:2D30:0004::/64 (which is actually written as 2002:48DA:2D30:4::/64)
2002:48DA:2D30:0005::/64 (which is actually written as 2002:48DA:2D30:5::/64)
2002:48DA:2D30:0006::/64 (which is actually written as 2002:48DA:2D30:6::/64)
2002:48DA:2D30:0007::/64 (which is actually written as 2002:48DA:2D30:7::/64)
2002:48DA:2D30:0008::/64 (which is actually written as 2002:48DA:2D30:8::/64)
2002:48DA:2D30:0009::/64 (which is actually written as 2002:48DA:2D30:9::/64)
2002:48DA:2D30:000A::/64 (which is actually written as 2002:48DA:2D30:A::/64)
2002:48DA:2D30:000B::/64 (which is actually written as 2002:48DA:2D30:B::/64)
2002:48DA:2D30:000C::/64 (which is actually written as 2002:48DA:2D30:C::/64)
2002:48DA:2D30:000D::/64 (which is actually written as 2002:48DA:2D30:D::/64)
2002:48DA:2D30:000E::/64 (which is actually written as 2002:48DA:2D30:E::/64)
2002:48DA:2D30:000F::/64 (which is actually written as 2002:48DA:2D30:F::/64)
2002:48DA:2D30:0010::/64 (which is actually written as 2002:48DA:2D30:10::/64)
2002:48DA:2D30:0011::/64 (which is actually written as 2002:48DA:2D30:11::/64)
……….
…………….
………. 65,500 or so subnets later…….
2002:48DA:2D30:FFFF::/64 - the very last subnet.
Guess what? Yours are too. Notice that the first 48 bits never changed? Those are for you. So, I don’t want to hear any discussion about how you can’t tinker with IPv6 because you don’t have any IPv6 addresses available to you. It’s just not true. Now, go play.
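The 6to4 arithmetic from this post in code, as an added example (not from the original post): it builds the 2002::/48 prefix from the author’s public address 72.218.45.48, produces any of the 65,536 /64 subnets in both the long and the compressed spelling, recovers the embedded IPv4 address, and refuses RFC 1918 space, which 6to4 cannot carry because the IPv4 address must be globally routable (RFC 3056).

```python
"""6to4 prefix arithmetic: IPv4 W.X.Y.Z -> 2002:WWXX:YYZZ::/48 and its
16-bit subnet field. Added example for this post, not code from the original."""
import ipaddress

SIX_TO_FOUR = ipaddress.IPv6Network("2002::/16")


def is_6to4_eligible(ipv4: str) -> bool:
    """6to4 embeds the IPv4 address in the prefix, so it must be globally
    routable; RFC 1918 and other special-use space cannot be used."""
    return ipaddress.IPv4Address(ipv4).is_global


def six_to_four_prefix(ipv4: str) -> ipaddress.IPv6Network:
    """Return the 2002:WWXX:YYZZ::/48 prefix for IPv4 address W.X.Y.Z."""
    if not is_6to4_eligible(ipv4):
        raise ValueError(f"{ipv4} is not a globally routable IPv4 address")
    value = int(ipaddress.IPv4Address(ipv4))
    # High 16 bits of the IPv4 address form the second group, low 16 the third.
    return ipaddress.IPv6Network(f"2002:{value >> 16:04x}:{value & 0xFFFF:04x}::/48")


def six_to_four_subnet(prefix: ipaddress.IPv6Network, subnet_id: int) -> ipaddress.IPv6Network:
    """The /64 with the given 16-bit subnet id; those bits sit at positions 48..63
    of the address, i.e. just above the 64-bit interface identifier."""
    if not 0 <= subnet_id <= 0xFFFF:
        raise ValueError("6to4 leaves exactly 16 subnet bits (0..65535)")
    return ipaddress.IPv6Network((int(prefix.network_address) | (subnet_id << 64), 64))


def subnet_count(prefix: ipaddress.IPv6Network) -> int:
    """Number of /64s available under the prefix (65,536 for a /48)."""
    return 2 ** (64 - prefix.prefixlen)


def long_form(network: ipaddress.IPv6Network) -> str:
    """Spell a /64 the way the post's list does, e.g. 2002:48DA:2D30:0011::/64."""
    groups = network.network_address.exploded.upper().split(":")[:4]
    return ":".join(groups) + f"::/{network.prefixlen}"


def embedded_ipv4(address: str) -> ipaddress.IPv4Address:
    """Reverse the mapping: recover the IPv4 address from any 2002::/16 address.
    The IPv4 bits are the 32 bits directly below the 2002 group."""
    v6 = ipaddress.IPv6Address(address)
    if v6 not in SIX_TO_FOUR:
        raise ValueError(f"{address} is not a 6to4 address")
    return ipaddress.IPv4Address((int(v6) >> 80) & 0xFFFFFFFF)


if __name__ == "__main__":
    prefix = six_to_four_prefix("72.218.45.48")
    print("6to4 prefix:", prefix, "with", subnet_count(prefix), "subnets")
    for sid in (0x0000, 0x0001, 0x000F, 0x0011, 0xFFFF):
        net = six_to_four_subnet(prefix, sid)
        print(f"{long_form(net)} (which is actually written as {net})")
    print("embedded IPv4 of 2002:48da:2d30:1::1 is", embedded_ipv4("2002:48da:2d30:1::1"))
    print("10.0.0.1 eligible for 6to4?", is_6to4_eligible("10.0.0.1"))
```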
How do you play with this shiny new toy? Well, tunnels are fun. Especially if your current ISP is the suck and doesn’t offer native IPv6 connectivity (like mine). Ask me and I’ll tell you how. It’s pretty cool.
Colin Weaver
In a previous post (http://www.itdojo.com/blog/?p=6) I discussed the inevitability of an IPv6 migration for all of us. It is going to happen and you are going to do it. The question, of course, is when. Before the when occurs I think we all need to come to grips with the “why” of the migration. I’m a big fan of IPv6. Of this there is no doubt. I have been itching for the migration to gain momentum for several years. It recently occurred to me that I want the migration for reasons that really don’t matter to most. I love technology (“…but not as much as you, you see. But I still love technology. …Always and forever …always and forever…”). I love it because it’s cool. Something like a protocol migration is right up my alley. I do have to admit that neither love nor coolness is a valid reason for a migration. That fact has always left me a little lost for words when people ask me why they should migrate. No matter how loudly and emphatically I shout I’m still not winning over the masses.
So what are the real reasons to migrate? Are there any valid points I can make to convince an organization to get moving on this? Well, yes. Sort of. I can make a few points but I fear the average company is not going to be swayed by them. When I think about the reasons why a company should move to IPv6 I can’t help but draw some comparisons to the current “green” movement going on in America (and the rest of the world). I am not a terribly green person. Don’t get me wrong, though. I don’t throw trash out the window while I’m driving and I don’t find any sport in standing on my front porch emptying CFC-containing cans into the air. I also don’t make day-to-day decisions that put me in the “green” category. The reason is simple: I’m just not buying the hype. Right or wrong, I don’t believe that my choices make that much of a difference. I do not drive a hybrid and I don’t plant a tree to offset my carbon signature every time I drive up north. I don’t deny myself gale-force winds from my AC unit and I would rather burn the leaves I rake than bag them up. My decisions and my lifestyle work for me. Today, in the here and now, they work. I may be a dummy and I may be so incredibly wrong that I’ll come to regret it later, and if you’re one of those greenies getting ready to blaze me up with an email telling me all the reasons why I should care, don’t bother. Despite your presentation of facts (yes, I saw An Inconvenient Truth, http://en.wikipedia.org/wiki/An_Inconvenient_Truth) and despite the passion with which you write, I won’t be swayed. I’m just not ready to believe the hype (yes, I can actually hear Chuck D singing in my head right now: http://www.youtube.com/watch?v=yVMbnF9-l5w). I can’t (or won’t) see far enough beyond my own day-to-day needs to make a change that I see as nothing more than an expensive way to give up convenience, quality and performance in order to be politically correct. There. I said it. So how does my lack of greenness relate to IPv6?
Simple: I’m Corporate America. The same way I feel about being green is how Corporate America feels about moving to IPv6. In effect, it’s a lack of perspective on a larger scale. Moving to IPv6 may have more benefits for the world Internet community than it does for the individual company. That fact may be a part of the reason we are moving so slowly toward IPv6. Getting companies to believe means that they are going to have to accept that some of the reasons aren’t selfish, that they are ultimately for the greater good.
So what were those migration reasons? Who do they really benefit? The world or the organization? Well, here they are (Note: Props to Joseph Davies for bulleting these points in his book, Understanding IPv6):
- IPv6 eliminates the current address depletion issue. We are running out of IPv4 addresses at a rapid rate. I firmly believe that IPv6 will eliminate any space issues well beyond my lifetime. My wildest contemplations cannot conjure up a way we can exhaust this address space.
Benefit: Global. In today’s IPv4 networks we don’t have any real address space pressure. The RFC 1918 Private Address Space is bigger than even the largest company (several times over). Nobody is really running out of IPv4 addresses in their internal enterprise.
- IPv6 solves the disjoint address space problem. All of our networks have an inside and an outside. The inside usually uses private IP addresses. The outside uses public IP addresses. We use NAT to translate traffic as it moves between the two. With IPv6, public IP addresses will be assigned to every device in the enterprise (that’s the plan, at least. You do have some control over that).
Benefit: Organization. The fact that the organization is benefiting isn’t immediately evident to the organization. The very idea of having every node in your enterprise “on the Internet” (which it is if it has a public IP address) causes security folks to go into vapor lock. Let me be clear on this point: Get over it! Private IP addresses and NAT don’t protect your internal network. Firewalls do. NAT devices make decisions about whether or not a packet will be translated and do so when appropriate. The “making decisions” part is firewalling. Remove the need for NAT and leave the firewalling in place. That’s how we roll with IPv6. Done.
- IPv6 solves the internal address allocation problem. Because address space is so plentiful in IPv6 you will (should) no longer have to pay a premium for having more public IP addresses. There is no longer a gap between the number of public addresses and the number of nodes in your network.
Benefit: Organization. See the previous point.
- IPv6 restores end-to-end communications. Ahhh, NAT. NAT sucks. It is a cancerous lesion on today’s networks. Most of us don’t quite realize that though. We’ve been using it for so long that we’ve come to believe that it’s supposed to be here. Well, it’s not. It was an afterthought and it wasn’t designed to allow much more than TCP, UDP and ICMP to pass through it. All the other protocols suffer. We typically find ourselves smuggling everything else through a NAT by packaging it up inside UDP (or TCP). It’s overhead on top of latency and it’s a silly way of doing things. Having said that, there are two things I must say about NAT. It’s clever and it works. Because we can wrap most anything with a UDP header and because it does actually work, it makes many of us unwilling to recognize that there is a problem.
Benefit: Organization, but only if you are an organization that needs to use non-standard protocols. By non-standard I mean anything other than TCP, UDP and ICMP, of course.
- IPv6 uses scoped addresses and address selection. Link-local, Unique-Local and Global Unicast addresses allow traffic to be sent to other nodes on a somewhat limited basis. Traffic sent to a link-local address will never leave the local network segment. Traffic sent to a unique-local address will never leave your enterprise (in theory). Traffic sent to (or from) a global unicast address can go anywhere in the galaxy as long as there is a route to get it there.
Benefit: Organization. Scoped addresses provide a basic level of security. If you want to make sure a packet will never go but so far, use a link-local or a unique-local address. Even hiccups in your firewall rules won’t cause you any pain because the traffic simply isn’t designed to go past a certain point. And each node in your enterprise can (and likely will) have one of each of these address types.
- IPv6 has more efficient packet forwarding. IPv6 headers are of a fixed size (40 bytes). An unchanging header size brings with it the promise of hardware optimized to deal with them. This means that the actual packet switching process will become faster. In addition to this the IPv6 address space is being carefully distributed at a global level and routing tables should be significantly smaller than they are today. This promises faster routing decisions for packets moving through the Internet.
Benefit: Global. Yes, individuals benefit but this one is really a bigger benefit to the masses. It is somewhat similar to fixing a bad traffic pattern that causes a lot of congestion. It sucks when you’re caught in it but a lot more people are being affected than you.
- IPv6 has support for security and mobility. IPsec support is mandatory and mobility support is optional. They are built in. They are not add-ons like they are today. Mobility has been tweaked a bit but IPsec is largely the same animal we know today. Because protocol functionality previously provided by ARP and IGMP has been absorbed into IPv6 (both of those functions are now handled by ICMPv6 messages carried in multicast packets) they can now be secured with IPsec. Even things like DHCP can be secured with IPsec if you want them to be.
Benefit: Organization. The lack of NAT and the integration of IPsec into IPv6 will make VPNs much easier to deploy. The lack of protocol “add-ons” like ARP and IGMP makes securing everyday management traffic a lot easier, too.
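The three bullets above can be seen in a few dozen lines of code. What follows is an added example written for this post, not code from the original or from any vendor: it packs and parses the fixed 40-byte IPv6 header, classifies the source and destination by scope (link-local, unique-local, global, multicast), applies a router forwarding rule that encodes the “never leaves the segment / never leaves the enterprise” claims, and flags AH/ESP next headers as IPsec. The sample packets are constructed from the 2001:db8::/32 documentation prefix and private fd00::/8 space; the function names and the forwarding policy are my own assumptions, not anything a particular router implements.

```python
import ipaddress
import struct

# Fixed 40-byte IPv6 base header (RFC 8200). There are no variable-length
# options in it, which is the property the post credits for faster switching.
#   Version(4) | Traffic Class(8) | Flow Label(20)
#   Payload Length(16) | Next Header(8) | Hop Limit(8)
#   Source Address(128) | Destination Address(128)
IPV6_HEADER_LEN = 40
_HDR = struct.Struct("!IHBB16s16s")

# IANA protocol numbers that matter for the discussion above.
NEXT_HEADER_NAMES = {
    6: "TCP",
    17: "UDP",
    50: "ESP",     # IPsec Encapsulating Security Payload
    51: "AH",      # IPsec Authentication Header
    58: "ICMPv6",  # Neighbor Discovery (replaces ARP) and MLD (replaces IGMP) ride here
}


def build_ipv6_header(src, dst, next_header, payload_len=0, hop_limit=64):
    """Construct a sample IPv6 header (constructed test data, not a captured packet)."""
    first_word = (6 << 28) | (0 << 20) | 0  # version 6, traffic class 0, flow label 0
    return _HDR.pack(first_word, payload_len, next_header, hop_limit,
                     ipaddress.IPv6Address(src).packed,
                     ipaddress.IPv6Address(dst).packed)


def parse_ipv6_header(packet):
    """Decode the fixed header; raises ValueError on truncated or non-IPv6 input."""
    if len(packet) < IPV6_HEADER_LEN:
        raise ValueError("truncated IPv6 header")
    first_word, payload_len, next_hdr, hop_limit, src, dst = _HDR.unpack_from(packet)
    version = first_word >> 28
    if version != 6:
        raise ValueError("not an IPv6 packet (version %d)" % version)
    return {
        "version": version,
        "traffic_class": (first_word >> 20) & 0xFF,
        "flow_label": first_word & 0xFFFFF,
        "payload_length": payload_len,
        "next_header": next_hdr,
        "next_header_name": NEXT_HEADER_NAMES.get(next_hdr, str(next_hdr)),
        "hop_limit": hop_limit,
        "src": ipaddress.IPv6Address(src),
        "dst": ipaddress.IPv6Address(dst),
    }


def address_scope(addr):
    """Classify an address into the scopes the post lists."""
    if addr.is_multicast:                            # ff00::/8
        return "multicast"
    if addr.is_link_local:                           # fe80::/10
        return "link-local"
    if addr in ipaddress.IPv6Network("fc00::/7"):    # unique-local, RFC 4193
        return "unique-local"
    if addr in ipaddress.IPv6Network("2000::/3"):    # global unicast
        return "global"
    return "other"                                   # loopback, unspecified, etc.


def router_forward_decision(hdr, to_internet):
    """Hypothetical scope-based forwarding policy for a router: (allowed, reason).

    to_internet is True when the egress interface faces the public Internet
    rather than another internal segment. Link-local traffic never leaves its
    segment, so a router never forwards it at all; unique-local traffic may be
    forwarded internally but never toward the Internet.
    """
    scopes = {address_scope(hdr["src"]), address_scope(hdr["dst"])}
    if "link-local" in scopes:
        return False, "link-local traffic never leaves the segment"
    if "unique-local" in scopes and to_internet:
        return False, "unique-local traffic never leaves the enterprise"
    if hdr["hop_limit"] <= 1:
        return False, "hop limit exhausted"
    return True, "ok"


def uses_ipsec(hdr):
    """True when the next header is AH or ESP, i.e. the packet itself is IPsec-protected."""
    return hdr["next_header"] in (50, 51)


if __name__ == "__main__":
    # Constructed sample packets; 2001:db8::/32 is the documentation prefix.
    samples = [
        build_ipv6_header("fe80::1", "ff02::1", 58, payload_len=24, hop_limit=255),  # ND/MLD style
        build_ipv6_header("fd00::1", "fd00:1::1", 50),                                # ESP inside the site
        build_ipv6_header("2001:db8::1", "2001:db8:1::1", 6),                          # ordinary TCP
    ]
    for pkt in samples:
        h = parse_ipv6_header(pkt)
        print(h["src"], "->", h["dst"], h["next_header_name"],
              address_scope(h["src"]), address_scope(h["dst"]),
              "ipsec" if uses_ipsec(h) else "plain",
              router_forward_decision(h, to_internet=True))
```

Run it as a script and each constructed packet prints its addresses, scopes, and whether a border router would forward it. The scope check is deliberately done on both source and destination: a packet with a link-local source and a global destination is just as wrong to forward as the reverse, and checking only the destination is the kind of hiccup a firewall rule set can have.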
Even though the bullets above seem to point to the individual organization reaping the biggest benefit for an IPv6 migration we have to acknowledge that the network implementations we have today are working. No, they are not optimal but they do work. And that means that the only real way for organizations to get serious is to come to terms with two points:
- Networks today are not optimal and IPv6 will make them better. Even though they are functional they are not performing as well as they could be. IPv6 networks will produce an environment that will increase performance. Most of that performance increase will come to the Internet as a whole and not so much to individual companies.
- Even though you may not see how the benefits of IPv6 are going to help your company you need to be more “green” about it and realize that your migration will benefit not just you. By participating now you are helping the whole networked world become a better place. And that means many of the same things it means to be green: it’s going to cost you money you’d rather not spend, it won’t be convenient on the front-end (it may actually be painful at first) and there is no guarantee that your neighbors are going to do their part in the near future.
So there you have it. Give it some thought.
“You hear that? That is the sound of inevitability…” - Agent Smith, The Matrix.
You will migrate to IPv6. It will happen. You will not be able to resist.
Corporate America is resisting IPv6. It doesn’t appear to be active. The resistance is quite passive, really. Ostriches with heads buried snugly in the sand. Many of us have heard the rhetoric surrounding IPv6. A few of us have even listened …a little bit. But the reality is that most of us are paying the same amount of attention to the harbingers of IPv6 that we pay to the disheveled-looking guy on the street wearing a “The End is Near” sign on his chest. You give him a wide berth and shake your head in disdain to show that you too realize that he has lost his grip on reality. He is confused, disillusioned. “Poor fool”, you think. If only he were to look around and see that everything is fine. The end is not near. Everything is working. Things are always getting better. Things are comfortable, familiar and right.
Or are they? Who is disillusioned? Is it him or us? Does a crazy person realize he is crazy? If not, how do you know you aren’t the one getting the wide berth from others?
Sometimes things are broken. Even though they are broken we learn to live with them. We tape them together and add extra screws and supports to make them stay put. We patch ’em up so they function and, over time, we tend to forget that they’re not really right. We’ve got the thing working and the patch we made starts to feel normal. We adapt and become quite adept at using broken tools. Over a really long time we begin to think that the patches are normal; that it’s the right way to put things together. With that in mind, it is my regretful duty to inform you that your current networking implementation is broken. Don’t disagree with me. Just pay attention. It has been broken for so long that you don’t even realize it. In fact, unless you’ve been around for a VERY long time you were probably taught the broken way of implementation from day one. We have been doing it for a long time now. I know this to be true because I am the teacher. I have been teaching people how IP works for years. I teach IP-based network implementation, IP-based network design and security and I teach IP-based network troubleshooting. And, for the most part, I have been teaching people how to build and maintain IPv4 networks using duct tape and popsicle sticks. I have been teaching it this way because it’s really the only practical way to do it. IPv4, you see, isn’t supposed to be here. We outgrew it long ago. We grew so fast that we didn’t have a chance to do it right. We found workarounds and patches to allow IP to continue to work for us even as we outgrew it. Those workarounds are things that many of us think of as normal. Classful IP Addressing, Network and Port Address Translation (NAT & PAT) and Private IP Addressing (to name a few) are all afterthoughts; workarounds to allow an address space to function in a world where it was quickly becoming obsolete.
The problem with things like NAT and Private IP addressing is that for the most part they work very well and that has allowed them to overstay their welcome and lull many of us into submission, thinking that everything is working as it should.
If you are comfortable with the status quo and are resisting IPv6, actively or passively, you are screwing up the single biggest IT opportunity you will ever have. I seriously mean that. Take a moment and think about your organization and all the ones for which you have worked before. Were they models of efficiency with systems and solutions only put in place after careful contemplation, expert design and lengthy testing? Or did they start out with good intentions only to get lost in the day-to-day grind, becoming a patchwork quilt of compromises, workarounds and disabled features? Those who identify with the latter are in the majority. Few of us have ever been able to build a network from scratch. It’s not a common opportunity. But with IPv6 virtually every shop on the planet gets a fresh slate, a chance to do it right. As of this moment you still have the ability to carefully design and deploy your IPv6 network. You have this chance only for a limited amount of time. Soon the pace of IPv6 will begin to accelerate faster than any of us anticipate. You will wake up one day and find yourself behind everyone else. You will enter into panic mode and you will deploy IPv6 quickly without the necessary time devoted to planning and design. You will have lost your opportunity. Don’t let it happen. Get smart about IPv6 now. The migration is underway.