My comments below with a minor correction in the 1st comment. -Ahmed
From: Brian Candler Sent: Thursday, June 09, 2011 12:54 PM To: Ahmed Abu-Abed Cc: 'menog@menog. net' Subject: Re: [menog] Rapid IPv6 deployment for World IPv6 Day On Thu, Jun 09, 2011 at 10:51:26AM +0300, Ahmed Abu-Abed wrote: > >> Until the whole internet AND web content AND networks AND > applications move to IPv6 ONLY then there will be a need for tunneling. > Dual-stacking is needed but it doesn't solve the IPv4 depletion issue, But client-side tunnelling relies on having an IPv4 address too, so it doesn't solve depletion. >> It may not solve depletion but tunneling accelerates IPv6 adoption, while >> "carrier grade" tunnels present a more stable approach than multi-level >> NATs. Future networks will likely be IPv6-only except for the dual-stack >> hosts that tunnel IPv4-in-IPv6 , a reverse of today's tunnels. Refer to the >> DS-Lite standards among others, and this approach is part of the 3GPP/LTE >> standards for mobile networks migration to IPv6. Estimates I've seen so far from IPv6 day suggest that although traffic was up, V6 accounted for between 0.02% and 0.3% of total traffic. Of that, 90% was tunnelled (i.e. only 10% native). So basically: (1) there is no signficiant IPv6 Internet today, and (2) if you want to join what there is, you do indeed probably have to tunnel. >> Tunnels solve the chicken and egg problem, it allows IPv6 content to be >> accessible until IPv6 gains a wider installed base which may take years. >> During the same time the burden of running IPv4 with no public addresses >> will grow. Both RIPE NCC and ARIN have publicly endorsed tunneling to speed >> up IPv6 deployment. That doesn't mean that installing a tunnel client is a good idea for anyone except network specialists who know what they're doing. >> Protocols that automate the setup of carrier grade tunnels, such as TSP, >> make installing tunnels a plug and play affair. Refer to my original email >> and try it to see for yourself. For zero user intervention needs, there are >> CPE IPv6 Adapters that plug in an ethernet port on an IPv4 home router and >> automatically setup IPv6-in-IPv4 tunnels (see the ARIN Wiki on IPv6 CPEs). >> All these are carrier grade solutions and have been deployed by tier-1 >> carriers. If random end-users start installing this stuff without understanding it, then (a) they are probably opening up security holes into their network, and (b) they may impede a later smooth rollout of native v6. >> Whether users dual-stack or tunnel to IPv6 the security requirements are >> mostly the same. Waiting for end-to-end dual-stack to be deployed all the >> way to the home CPE to complete is a multi year project. And I don't see >> IPv6-in-IPv4 tunnels impeding rollout of native IPv6 if the tunnels clients >> AND servers are fully under control of the ISP and part of their network. >> The rule here is for ISPs to avoid using Teredo, 6to4 and ISATAP tunnels >> which, unfortunately, are everywhere.
_______________________________________________ Menog mailing list [email protected] http://lists.menog.net/mailman/listinfo/menog
