----- On Nov 26, 2019, at 1:36 AM, Doug Barton do...@dougbarton.us wrote: > I get that some people still don't like it, but the answer is IPv6. Or, > folks can keep playing NAT games, etc. But one wonders at what point > rolling out IPv6 costs less than all the fun you get with [CG]NAT.
When the MBAs start realizing the risk of not deploying it. I have some inside knowledge about the IPv6 efforts of a large eyeball network. In that particular case, the cost of deploying IPv6 internally is not simply configuring it on the network gear; that has already been done. The cost of fully supporting IPv6 includes (but is probably not limited to): - Support for deploying IPv6 across more than 20 different teams; - Modifying old (ancient) internal code; - Modifying old (ancient) database structures (think 16 character fields for IP addresses); - Upgrading/replacing load balancers and other legacy crap that only support IPv4 (yeah, they still exist); - Modifying the countless home-grown tools that automate firewalls etc; - Auditing the PCI infrastructure to ensure it is still compliant after deploying IPv6; If it was as simple as upgrading a few IP stacks here and there, it would be a non-issue. Don't get me wrong, I'm not advocating against IPv6 deployment; on the contrary. But it is not that simple in the real corporate world. Execs have bonus targets. IPv6 is not yet important enough to become part of that bonus target: there is no ROI at this point. In this kind of environment there needs to be a strong case to invest the capex to support IPv6. IPv6 must be supported on the CxO level in order to be deployed. Thanks, Sabri, (Badum tsss) MBA