There are a number of reasons, some technical, some psychological, but all to do with security.
Reason #1: Making unnecessary changes breaks things. There is no compelling reason even today to move to IPv6. The total number of IPv6 *only* services is approximately none, so not migrating does not limit anything. Sure we will eventually run out of IPv4 address space, but I predict we will make do at least until 2020.
Reason #2: Complexity reduces security. Not everything supports IPv6, so deployment requires a dual-stack approach, which significantly increases complexity, and therefore decreases security. While this is true today, given a 36 month IT replacement cycle, everything will eventually support it by 2016.
Reason #3: We don't understand it. This is the real reason for the lack of adoption. IPv6 is not just IPv4 with longer addresses. It does some things very differently than IPv4, and breaks the well-understood IPv4 security model. There is no NAT. There is no ARP. Multicast matters. ICMP matters. We could fix this today, but it will take a generational change of CIOs to really embrace it. Maybe it won't be scary by the Unix timestamp rollover in 2038.
Interestingly for those of us with a few grey hairs, we've been here before. We made this same transition from IPX to IP in our Novell networks 20 years ago, but with one very significant difference. We didn't dual-stack. On a flag day we just changed all the configurations and got on with it. But we can't do that this time, because now everything is interconnected, and the risk of cutting ourselves off today is much higher than the risk of running out of addresses at some point in the future.
IPv6 is definitely the future. While the future is already here, and not very evenly distributed, for most of us the time is just not right.
Phil Kernick Chief Technology Officer
@philkernick www.cqr.com