[BBLISA] anybody doing IPv6 for real operations?/possible presentation topic

Tom Limoncelli tal at whatexit.org
Thu Mar 11 22:11:24 EST 2010


I think most people are going about it wrong.  Don't try to convert
all your desktops and servers to IPv6 as your first experiment.
There's rarely any value to this and it is biting off too much for a
starter project.

Here are two success stories I've seen repeated at multiple companies:

Story 1.  Work from "the outside -> in".  Get the path from your ISP
to your external web server to use IPv6.  That's a big enough
challenge for your first project, has a real tangible value ("the
coming wave of IPv6-only users will have access to our web site"), and
requires modest changes: a few routers, some DNS records, and so on.
Plus, your external web presence has a good dev -> qa -> production
infrastructure that you can leverage to test things properly (it does,
right?)

At many companies web services are behind a load balancer or reverse proxy.

ISP -> load balancer -> web farm

If your load balancer can accept IPv6 connections but send out IPv4
connections to the web farm, you can offer IPv6 service to external
users just by enabling IPv6 on the first few hops into your network.  As
each web server becomes IPv6-ready, the load balancer no longer needs
to translate for that host. Eventually your entire web farm is
native IPv6.  Doing this gives you a throttle to control the pace of
change.

The value of doing it this way is that it gives customers IPv6 service
fast, and requires minimal changes on your site.  We are about 567
days (http://www.potaroo.net/tools/ipv4/index.html) away from running
out of IPv4 addresses.  Around that time ISPs will start to offer home
ISP service where IPv6 is "normal" and attempts to use IPv4 will
result in packets being NATed at the carrier level
(http://www.isc.org/software/aftr and
http://www.networkworld.com/community/node/44989 ).  Customers in this
situation will get worse performance for sites that aren't offering
their services over IPv6.  Speed is very important on the web. More
specifically, latency is important.
(http://www.datacenterknowledge.com/archives/2009/06/24/the-billion-dollar-html-tag/)
Sites that are offering their services over IPv6 will be faster for
new customers.  Most CEOs can understand "it will help us gain new
customers."

Of course, once you've completed that and shown that the world didn't
end, developers will want to test their code under IPv6. You might
need to enable IPv6 to the path to the QA lab or other place. Another
path will be requested. Then another. Then it makes sense to do it
everywhere.  Small incremental roll-outs for the win.

I'm not involved in Google's IPv6 efforts (i.e. give the credit to my
co-workers http://www.youtube.com/watch?v=vFwStbTpr6E ), but we've
publicly shared what we're doing. (Including videos from our
self-organized IPv6 summit:
http://www.youtube.com/watch?v=o5RbyK0m5OY)

Most importantly we've learned that it turned out to be pretty easy
and not expensive.  Heck, we're now sending YouTube traffic over IPv6.
If you know of a better load test for the IPv6 code on a router,
please let me know!

http://www.networkworld.com/news/2009/032509-google-ipv6-easy.html
Google: IPv6 is easy, not expensive
Engineers say upgrading to next-gen Internet is inexpensive, requires small team

If you aren't receiving an "AAAA" record when you query
www.google.com, and you are using IPv6, you may not have been
whitelisted.  More info here: http://www.google.com/intl/en/ipv6/


Story 2: (somewhat similar to Story 1)

Some people run into their boss's office and say, "OMG we have to
convert everything to IPv6".  They want to convert the routers, the
DNS system, the DHCP system, the applications, the clients, the
desktops, the servers.

These people sound like crazy people.  They sound like Chicken Little
claiming that the sky is falling.

These people are thrown out of their boss's office.

Other people (we'll call these people "the successful ones") go to
their boss and say, "There's one specific thing I want to do with
IPv6. Here's why it will help the company.  I promise not to touch
anything else."

These people sound focused and determined.  They usually get funding.

The funny thing is that this second group of people go off to do their
"one specific thing" and find there are so many dependencies they
eventually do all the upgrades that the "crazy" person wanted to do:
update routers, the DNS system, the DHCP system, clients, servers,
desktops and other stuff.

The difference is that these people got permission to do it.

Comcast found their "one thing" to be: Settop box management.
Every settop box needs an IP address so they can manage it.  That's
more IP addresses than they could reasonably get from ARIN.  So, they
used IPv6.  If you get internet service from Comcast, the settop box
on your TV set is IPv6 even though the cable modem sitting next to it
providing you internet service is IPv4.  They had to get IPv6 working
for anything that touches the management of their network:
provisioning, testing, monitoring, billing. Wait, billing?  Well, if
you are touching the billing system, you are basically touching a lot
of things.  Ooh, shiny dependencies.
http://www.6journal.org/archive/00000265/01/alain-durand.pdf

Nokia found their "one thing" to be: power consumption.
Their phones waste battery power by sending out pings to "keep the NAT
alive".  By switching to IPv6, their phones can turn off their antenna
until they have data to send.  In an industry where battery life is
everything, any CxO or VP can see the value.  Watch the video:
http://www.youtube.com/watch?v=o5RbyK0m5OY

Like Chicken Little says, we should be concerned with converting
everything to IPv6.  However the pattern is that successful projects
have picked "one thing to convert", and let all the dependencies come
along the way.

In summary:
a.  find one high-value (to your CEO) reason to use IPv6.  Convert
just that one thing.  There will be plenty of dependencies and you
will end up touching many components of your network.
b.  for most sites, work "from the outside -> in".  A load balancer
that does IPv6<->IPv4 translation will let you get instant results and
give you a throttle to control the speed at which services get native
support.

Tom
P.S. There is a tutorial on IPv6 at http://picconf.org on May 7-8, 2010.

-- 
http://EverythingSysadmin.com  --  http://www.TomOnTime.com
Computer and network administrators... Spread the word!
       LOPSA New Jersey Professional IT Community Conference
       New Brunswick, NJ, May 7-8, 2010 -- http://picconf.org
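
Added example, not part of the original post: a minimal TCP relay showing the Story 1 pattern, where the front side listens on one address family and each backend is reached in whatever family its address implies, so swapping a backend's IPv4 literal for its IPv6 one is the "throttle". The function names are hypothetical, and the log list is an added assumption that records the real client address at the translation point, because the web farm only ever sees the proxy's address.

```python
import ipaddress
import socket
import threading

def family_for(addr):
    """Address family implied by an IP literal."""
    v6 = ipaddress.ip_address(addr).version == 6
    return socket.AF_INET6 if v6 else socket.AF_INET

def make_listener(bind_addr, port):
    """Front-side socket; bind_addr "::" is the IPv6-facing listener."""
    s = socket.socket(family_for(bind_addr), socket.SOCK_STREAM)
    s.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    s.bind((bind_addr, port))
    s.listen(16)
    return s

def pipe(src, dst):
    """Copy bytes one way until EOF, then half-close the far side."""
    try:
        while chunk := src.recv(4096):
            dst.sendall(chunk)
    except OSError:
        pass
    try:
        dst.shutdown(socket.SHUT_WR)
    except OSError:
        pass

def relay(client, backend):
    """Connect to the backend in its own address family and splice."""
    upstream = socket.socket(family_for(backend[0]), socket.SOCK_STREAM)
    with client, upstream:
        upstream.connect(backend)
        t = threading.Thread(target=pipe, args=(client, upstream), daemon=True)
        t.start()
        pipe(upstream, client)
        t.join()

def serve(listener, backends, log):
    """Round-robin clients over backends; log the real client address."""
    n = 0
    while True:
        client, peer = listener.accept()
        backend = backends[n % len(backends)]
        n += 1
        log.append((peer[0], backend[0]))  # backends only see the proxy's address
        threading.Thread(target=relay, args=(client, backend), daemon=True).start()
```

With constructed documentation addresses, `serve(make_listener("::", 8080), [("192.0.2.10", 80), ("2001:db8::11", 80)], [])` fronts one IPv4-only backend and one that has already gone native.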


