I was invited to present my views on the IPv6 deployment in enterprise networks during the local IPv6 summit. Instead of joining the cheering few or the dubious crowds, I’m trying to present a realistic view answering questions like “what do I have to do”, “when should I start” and “where should I focus my efforts”.
Here’s the outline of my presentation, any feedback, additional thoughts or insightful critique is most welcome.
Scenario: Enterprise network connected to the Internet. No need for internal IPv6 (RFC 1918 is good enough).
Question: where shall I focus my IPv6 efforts?
Facts of life:
- IPv6 is a reality, get used to it.
- Migration is supposed to be easy, but you will get stuck on details.
- Start small, but start now.
Phases of public IPv6 deployment:
Phase#1: Dual stack content (starting now)
Phase#2: IPv6-only Internet clients (in a few years)
Phase#3: IPv6-only major content providers (10+ years from now)
Obviously this is just my perception of the critical milestones, as they apply to enterprise network deployment.
Proposed action plan
Phase#1 has already started, get ready for it:
- Establish IPv6 connectivity with all the upstream providers
- Deploy IPv6 on your public servers. Start with small, non-critical applications to get hands-on experience.
- Change your whole DMZ into dual-stack DMZ.
As an enterprise network, you don't care about Phase #2:
- Your content is reachable over IPv4 and IPv6
- Interesting content is reachable over IPv4.
- Use this time to plan your internal IPv6 deployment.
When the public content becomes available only over IPv6 (phase #3) you might be in a morass if your internal network is not yet dual-stack (you’ll have to face ugly 4to6 NAT). Deploy dual-stack throughout your network:
- RFC1918 + 4to4 NAT
- Public IPv6 address space