Tuesday, August 18. 2009IPv6 is comingIt's taken its sweet time getting here, but IPv6 is quickly becoming not only a reality, but a technical necessity. After debates at work with the network administrators over whether it's really needed (they don't think so), I figured it's time to take my own (little) stand on the Internet and prove it's not the scary step into the big unknown that people think it is. My involvement with IPv6 goes back to 2002, after participating in the experimental 6bone network. As ISPs are still very slow to take up IPv6 support, I've ran a dual-stack IPv6 network with Internet connectivity through the free Hurricane Electric Tunnel Broker service on and off since. For those of you not willing to play too much, an alternative has popped up known as Teredo which essentially does the same thing, and support is built into Windows Vista (or you can do it under Linux using Miredo, which has proven to work well on our proxy servers at work). But this isn't enough. With three servers in datacentres around the world (The Netherlands, Australia and the US), I figure it's high time they started to provide IPv6 services. None of them do, and all three of them have told me that they have no plans to support it as nobody else is supporting it. As a result, they're losing me as a customer. My server in Amsterdam is moving to France (with OVH, who are already IPv6 enabled), my Australian server will be moved to Network Presence (IPv6 is on its way), and my server in the US will be merging with the other two as I cannot find a reasonably priced provider who doesn't consider this to be some sort of bizarre specialty thing. It's likely in the future it'll return as a server in Canada instead. Over the coming months, everything will be migrated and therefore transitioned to dual-stack IPv4/IPv6, including DNS, email, web hosting, and so forth. There's absolutely no reason not to do this now, despite all of the idiotic claims that IPv6 is somehow insecure compared with IPv4, and the warnings that there'll be severe incompatibilities. I didn't see that in 2002, and I don't expect it now. If I'm to do this properly, it must be configured so that everything works with IPv4-only and IPv6-only users. My domain name registrar (NameScout) doesn't actually support IPv6 glue yet, but their support team are ready to update the records manually. Users with broken Teredo tunnels may have a load-time impact on web sites, but it's unlikely to cause significant issues, and for security: let's just say I know how to configure a firewall! At home, my Cisco 1751 voice router is doubling as the termination point for my IPv6 tunnel, and traffic is fed through a secondary “outside” VLAN on my ASA 5505 for inspection and filtering. Even without native IPv6 support from my ISP, this system works very well, despite the ≅2Mbps limit of the 1751 router. As far as my ISP is concerned, they (Coditel) have no clue what IPv6 is, and I've practically given up trying to get any sort of implementation timeframe from them. They are upgrading to DOCSIS 3.0 at their head-ends soon (which will allow them to support full IPv6 including management of the CPE), but I'm sure they not in a hurry to even start thinking about IPv6. You can deny it you like, but wait until we run out of IPv4 addresses. What's taking so long, guys? Trackbacks
Trackback specific URI for this entry
Comments
Display comments as
(Linear | Threaded)
Simon Butcher on :The author does not allow comments to this entry
|
Calendar
Creative Commons |
|||||||||||||||||||||||||||||||||||||||||||||||||
