So I’ve just gotten my shiny new O’ Reilly weblog interface, and what do I do? Go and make a post about IPv6; usually enough to make even hardened RSS junkies skip right past. Even worse, I’m a new author (both book and weblog) and have grand plans to lay a cynical eye over current developments in networking, except where they meet my exacting standards, in which case I will hype them as the greatest thing since RFC 822.
Well, that’s fair enough. I might as well consider them my electrons as much as anyone else’s. So the topic to start off with is, appropriately enough, IPv6.
In this short post, I’m going to talk a little bit about the ‘why’ of moving to IPv6. For now I will ignore the usual reasons quoted: running out of addresses, and the sheer thrill of it (depending whether you are on the right of wrong side of the network development department.) It seems to me that there are real, if far-off, opportunities for cost savings if you use IPv6.
IPv4 address management on large networks is in essence made possible (as opposed to *im*possible) by DHCP, which has an unfortunate collection of security and operational deficiencies in its generally deployed configuration, never mind the server code. (Ask yourself what happens to your network if a) your DHCP server(s) go away and b) someone grabs an IP address, increments their MAC by one and repeats this process if you don’t believe me.)
IPv6 has the potential to help fix these problems with address autoconfiguration, and mandatory IPsec. The router solicitation and advertisement features remove one more aspect of manual or stateful (DHCP) configuration that administrators typically have to get involved in. Finally, link-layer IPsec has the potential to cryptographically sign many basic aspects of the protocol, making all of these operations inherently more resistant to fraud, repudiation and general mischief. Admittedly, we are still a way away from doing this easily. But at least it is possible. Saving time on onerous administration saves staff costs, which saves money, which lowers TCO.
I’ve written in other places about this in more detail. although some of the details are no longer relevant, it being two years old. However, it’s still useful to check it out if you’re looking for more detail.