eCommerce and IPv6

November 12th, 2008

A new study by MI2G Global Risk Specialists points out how highly integrated the world economy has become with the Internet. This highlights the importance of the IPv6 Internet upgrades we have been working on to ensure operational continuity of the Internet after IPv4 address exhaustion. Internet addressing, scaling, and operations directly impact the global economy, and losing the ability to communicate effectively will cause a major economic problem. This study estimates that:

“Over 1% damage to GDP of a developed country such as Switzerland for every one week of Internet blackout is a reflection of how reliant modern business and society have become on Internet technologies. It is very interesting for us to observe that ETH has independently arrived at a similar approach to ourselves in developing economic damage models for large scale Internet attacks,” said, DK Matai, Executive Chairman, MI2G. “We are pleased to announce our intention to collaborate with Swiss Federal Institute of Technology Zürich (ETH) to develop more refined economic damage models for Internet attacks and their lingering commercial fallout in the years ahead.” 

Looking at this data and US GDP data we can see that the US produces 1.9% of GDP per week, so a 1% loss would be over 1/2 of production that week – about 250 Billion a week in lost productivity. Our economy is increasingly tied to eCommerce, unified communications, and netcentric business systems - making Internet continuity a business continuity issue. That’s why total global value of eCommerce is one of the trends I track on IPv6 Trends and Adoption Timelines.

In a commercial sample scenario presented by ETH, when an Internet Service Provider with an annual revenue of CHF 2.81 billion is hit by 24 hours of Internet outage, the total economic loss is projected to be CHF 32.99 million or 1.2% of annual revenue. The breakdown is as follows:

1. Downtime Loss = Degraded Productivity + Loss of Revenue = CHF 292,000
2. Disaster Recovery = CHF 5.2 million
3. Liability = CHF 15 million
4. Customer Loss = CHF 12.5 million

The top Internet leadership has been warning us that IPv6 transition is an issue of business continuity:

“The technical stuff for IPv6 is done. IPv6 is ready. This is a business issue in the internet service industry. The ISP community round the world needs to pay attention… They are persisting in the ‘nobody is asking for this’ mentality.  They are not valuing business continuity as they should.  When they finally wake up, there is going to be a mad scramble for IPv6 and they won’t implement it properly”.   - Vinton Cerf, September 30, 2008 interview with “The Times Online”. 

In case you don’t know who Vinton “Vint” Cerf is, or if he is a reliable source, he’s the American computer scientist who is the “person most often called ‘the father of the Internet’.” His contributions have been recognized repeatedly, with honorary degrees and awards that include the National Medal of Technology, the Turing Award, and the Presidential Medal of Freedom. Vint is considered the leading candidate for the new Federal CTO position under the Obama administration.

What are other top leaders in the Internet community saying?

  • “In order to sustain the impressive speed of Internet innovation and ensure a healthy Internet economy for the future, we recommend that content providers make their services available over IPv6,” - Axel Pawlik, Managing Director RIPE NCC. 
  • “.. With only 19% of IPv4 address space remaining, ARIN is now compelled to advise the Internet community that migration to IPv6 is necessary for any applications that require ongoing availability of contiguous IP number resources.” –ARIN Board 2007
  • “If deployment <of IPv6> is delayed, the future growth and global connectivity of the Internet will be negatively impacted.” –Internet Society (ISOC) FAQ on IPv4/v6

Now, if a failure to migrate to IPv6 in time creates a major operational problem for the Internet that will impact the nation’s economic future, is IPv6 transition, as John Curran, ARIN Chairman and COO of ServerVault has warned the US Defense and Intel community, a “national security issue”?   If so, we better have a timeline and a plan together for transition…

Google Taking IPv6 Advice

November 6th, 2008

David Green

Google has taken the advice of the Internet Engineering Task Force (IETF) engineers, American Registry for Internet Numbering (ARIN) (John Curran and company), Google’s own famous “Internet Evangelist” Vint Cerf,  and others that getting external facing servers working on IPv6 is a business continuity issue. There have been numerous warnings from the top experts in the Internet community about the consequences of Internet growth and the need to switch to IPv6:

  • “In order to sustain the impressive speed of Internet innovation and ensure a healthy Internet economy for the future, we recommend that content providers make their services available over IPv6,” - Axel Pawlik, Managing Director RIPE NCC. 
  • “.. With only 19% of IPv4 address space remaining, ARIN is now compelled to advise the Internet community that migration to IPv6 is necessary for any applications that require ongoing availability of contiguous IP number resources.” –ARIN Board 2007
  • “If deployment <of IPv6> is delayed, the future growth and global connectivity of the Internet will be negatively impacted.” –Internet Society (ISOC) FAQ on IPv4/v6
  • “.. in 2011, IPv6 must be in use by public-facing servers” –John Curran, ARIN Chairman, COO ServerVault  
  •  “.. the Internet has been evolving, and IPv6 is the next major revolution that has to happen soon. ” –Vint Cerf, Internet Pioneer

John Curran, ARIN Chairman and COO of ServerVault, at a meeting of US Defense and Intel Internet engineers, went further to suggest that IPv6 transition is beyond an eBusiness continuity issue:

“<IPv6 transition> is a national economic policy issue and will be a national security policy issue within two years” 

As you can see in this picture, Google has been running their IPv6 service as a separate part of the Google space, and we connect across native IPv6 connections from the desktops in our Command Information network (2610:F8::/32 is our address).

However, more interesting than their IPv6-access site is that they have installed an “invisible widget” on regular IPv4 Google to test the IPv6 connectivity readiness of a portion of the users trying to connect to their production Google search portal. The widget directs a background process to exchange data with ipv4.ipv6-exp.l.google.com or dualstack.ipv6-exp.l.google.com to gather data on IPv6 connectivity. Lorenzo Colitti of Google revealed the experiment and the statistics they have been gathering at the European Internet Protocol Registry (RIPE) meeting at the end of October. Our engineers Joe Klein, TJ Evans, and others have analyzed their data and found a few interesting facts:

    • Less than 1% of Google users today have useful IPv6 connectivity (and prefer IPv6)
    • 0.09% of IPv6 users have broken connectivity - most likely they don’t have both IPv6 connections and an AAAA-capable DNS server serving IPv6 records. We can fix that with proper DNS implementations and IPv6 connection engineering
    • All users with MS Vista, Apple Mac OSX Leopard, Windows Mobile smartphones, and modern Unix/Linux OSs have native IPv6-capable systems with IPv6 turned on - unless they have purposely disabled it. What’s holding them back is the lack of ‘last mile’ support infrastructure, and with IPv6 tunneling in these OSs that’s mostly a lack of IPv6 DNS implementation.
    • At least a million distinct IPv6 hosts out there have accessed Google during the test period
    • Russia is the most IPv6-connected country - the U.S. is #5 behind France, Ukraine, and Norway
    • The most common connection type is 6to4 tunnels - which implies that successful IPv6 users are not behind NAT gateways and have native IPv4 connections that can run 6to4
    • Apple has the most IPv6 connected computers - Joe commented that that’s probably the combination of Apple PCs with Apple Airport Extreme home network gateways - which support IPv6
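Why a 6to4 address says something about NAT, as an added example (not part of the original post or of Google's measurement code): a 6to4 address in 2002::/16 carries the host's IPv4 address in its next 32 bits, so a log of client addresses can be sorted by connection type and checked for 6to4 hosts whose embedded IPv4 address is private and therefore unreachable for return traffic. The sample client list is constructed from documentation address ranges.

```python
import ipaddress
from collections import Counter, namedtuple

# Transition-mechanism prefixes, taken from the RFCs rather than from the post.
SIXTOFOUR = ipaddress.ip_network("2002::/16")  # 6to4, RFC 3056
TEREDO = ipaddress.ip_network("2001::/32")     # Teredo, RFC 4380
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

Result = namedtuple("Result", "kind ipv4 usable")

# Constructed sample of client source addresses (not real measurement data).
SAMPLE_CLIENTS = [
    "2002:c000:0201::1",                     # 6to4, embeds 192.0.2.1
    "2002:c633:6407:1::5",                   # 6to4, embeds 198.51.100.7
    "2002:c0a8:010a::1",                     # 6to4, embeds 192.168.1.10 (behind NAT)
    "2001:0:c633:6401:8000:63bf:34ff:8ef8",  # Teredo, client 203.0.113.7
    "2001:db8:12:3::25",                     # neither prefix: native or other
]


def classify(text):
    """Classify one IPv6 address and recover any IPv4 address embedded in it."""
    addr = ipaddress.IPv6Address(text)
    if addr in SIXTOFOUR:
        v4 = addr.sixtofour  # IPv4 address carried right after the 2002 prefix
        # A 6to4 relay sends return traffic to the embedded IPv4 address, so a
        # private (RFC 1918) address here means the host cannot be reached.
        usable = not any(v4 in net for net in RFC1918)
        return Result("6to4", v4, usable)
    if addr in TEREDO:
        _server, client = addr.teredo  # (Teredo server, client's mapped IPv4)
        # Teredo is built to cross NAT, so the mapped address is the NAT's
        # outside address rather than the host's own.
        return Result("teredo", client, True)
    return Result("native/other", None, True)


def summarize(addresses):
    """Tally connection types and list 6to4 addresses that cannot work."""
    counts = Counter()
    broken = []
    for text in addresses:
        result = classify(text)
        counts[result.kind] += 1
        if not result.usable:
            broken.append(text)
    return counts, broken


if __name__ == "__main__":
    counts, broken = summarize(SAMPLE_CLIENTS)
    for kind, n in counts.most_common():
        print(f"{kind:13} {n}")
    print("6to4 behind NAT:", broken)
```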

The full report is available here: www.ripe.net/ripe/meetings/ripe-56/presentations/Colitti-IPv6_at_Google.pdf

The takeaway from all of this? Google has taken the plunge and is well positioned for the 2012 number crunch pain by already having external IPv6 connectivity on their WWW and DNS servers. Organizations successfully running external IPv6 servers are the IETF, ARIN, RIPE, IPv6 Forum, ICANN, Command Information, and many more. It seems that the major IPv6 transition advocates are heeding their own advice and successfully “eating their own dogfood” to show that IPv6 transition is not as difficult as many believe.

In closing, here are a few interesting snapshots of the Google data:

Connection Type

 

Building the IPv6 Internet of Things

November 5th, 2008

David Green

The Internet of Things is a term for a network of objects, such as sensors, automation controllers, cars, and household appliances, that communicate via machine-to-machine (M2M) protocols to automate their functions without human intervention. If all powered things (coffee makers, thermostats, cameras, voting machines) are equipped with small Internet-capable radios and an automation system is built to report their status and location and to receive control commands, human life will undergo a vast technological transformation. Since the average modern human interacts with over 1000 objects regularly, the system would need to scale to address trillions of objects – making IPv6 addressing the only practical system for Internet-ing such a massive system.

What kinds of devices will be part of the Internet of Things?

  • Smart Phones  - My HTC Mogul smart-phone already automatically communicates with our company’s Exchange server with server-push technology to update my email, calendar, and contacts
  • Automobiles  - Cars sold in the US after 2010 will be equipped with the IEEE 1609 WAVE Intelligent Transportation System (ITS)  
  • Sensor Systems – All sorts of network sensors are produced now on various networking technologies like BACNET, LONWorks, Zigbee – and are often integrated with the Internet through gateways. Eventually these sensors will be real citizens of the Internet of Things and the gateway will go away. There is now a new standard for direct IPv6 networking of wireless sensors – 6LoWPAN – and Archrock and Jennic make products
  • SCADA – Supervisory Control and Data Acquisition systems for industrial automation sensors and controllers can have IPv6 gateways like the ones used to automate the lighting and security system for the Beijing Olympics
  • RFID and Asset Tracking Devices. Gen-3 RFID will likely be direct Internet tracking systems like the Sentry tracker made by Savr Communications 
  • Children’s toys – Think networked smart toys like Nabaztag, supertoys, online-games, all sorts of possibilities!
  • Cameras – IP surveillance cameras like Axis, Panasonic are here today; coming soon - digital cameras that automatically transmit their pictures to a website or storage or a linked digital picture frame…
  • Entertainment Systems – Internet TV set-top boxes, music players, all sorts of things
  • Appliances – Internet refrigerators and microwave ovens are here today! Now if they could do something compelling like read RFIDs on the food and generate a shopping list automatically when you consume something…
  • Manhole covers – This sounds like a stupid example, but there really is a manhole cover with an integrated internet radio that reports if the cover has been open and security breached, and also ones with sensors for toxins

 In order to make the Internet of Things reasonably cost-effective and simple to deploy for most every kind of object, we need to agree on a set of M2M standards for the complete communications package. The standards need to address:

  • Web Services as lightweight common platform  to publish service definitions and exchange configuration information with any user-node
  • Service discovery which provides a decentralized, peer-to-peer service discovery method suitable for publishing and discovering services even in ad-hoc, unmanaged, and disadvantaged networks
  • Service definition to publish service listings that define how, when user nodes  come in contact with service nodes such as sensors, their services or software applications can interact over the network
  • Messaging Services Layer providing a basic web-services messaging framework between hosts which abstracts lower layers
  • Common Data Exchange Format for sharing of structured data across different systems
  • Internet Protocol Layer or an IP proxy layer, is used to connect network nodes across multiple types of networking technologies, RF waveforms, and radio platforms

Command Information has been working on a set of M2M protocols we call 6SenseIT to create an IPv6-based Service Oriented Architecture (SOA) for standardizing sensors, SCADA controllers, and RFID systems for the Internet of Things.

6SenseIT

6SenseIT defines a framework  to make it easier to integrate network sensors, automation controllers, IP video cameras, etc. with applications. Because our SOA was designed for unmanaged networks and for operating in the high-loss, often disconnected mobile networks for our defense clients, several layers of services are addressed in ways that vary from current enterprise SOA.

Key technologies in 6SenseIT are:

  • Internet Protocol, especially IPv6, as it provides a massively scalable, ‘future-proof’ networking technology to converge all of these devices
  • Multicast DNS (mDNS) – which is a peer-to-peer version of DNS we utilize so applications can find 6SenseIT devices
  • DNS Service Discovery (DNS-SD) which allows 6SenseIT devices to advertise their services in a SOA-like way, without centralized SOA servers
  • SOAP and/or REST as a convenient messaging services layer that abstracts lower layers to make it easy to program applications for data exchange between devices
  • XML as the common data exchange format

By combining these layers of protocols and services into the controller for a sensor system, various types of formerly stand-alone sensor systems can be made into “plug and play” appliances supporting automated discovery and services integration. We’ve already put the 6SenseIT architecture to field tests, using it to speed up deployment of our AIRS Application for first responders. AIRS now uses 6SenseIT components to find and automatically utilize new sensors, cameras, and people trackers introduced into the emergency-area network. We will be presenting our 6SenseIT architecture in detail in our IEEE MILCOM convention presentation on “IPv6 Sensor SOA” on November 19th and have white papers and information available now.

6SenseIT Layers

Sharing an IPv4 Address Across Multiple Subscribers

October 20th, 2008

OK.  Last time we talked about the fact that ISPs are probably going to deploy some stop-gap IPv4-based solution while they implement IPv6 over the next couple years.  This plan also buys a little more time for more Windows95 or other non-IPv6 capable hosts to be retired. 

Important: the real solution is integration of IPv6 into all networks and devices, and a long-term transition from IPv4 to IPv6 entirely. In the near-term, though, it is becoming more apparent that ISPs are going to choose to use a few strategies - implement IPv6 but also find a way to get more out of IPv4 in the near-term. A smooth transition from IPv4 to IPv6 in advance of IPv4 address run-down would have been better - cheaper and more reliable - for the entire Internet community, but looking at the situation today the community has missed that window of opportunity. So, instead of “elegant integration and transition”, we’re going to be stuck with “stop-gap + elegant integration and transition”.

The initial discussions to extend the life of IPv4 largely involve sharing a single IPv4 address across multiple subscribers.  There are a couple of interesting things for us to keep in mind about this class of solutions.

Quick Application – TCP/UDP – Port Number Review

Applications run today mostly over TCP or UDP, and use port numbers.  There is a source port number and a destination port number.  Most applications we think of as common use TCP.  As an example, a web browser connection is based on TCP, with the destination port number being 80 – one of the well-known port numbers.  These are port numbers between 0 and 1024. The source port number in the web browser example would be a “high port” – in the range 1025 – 65,536 (64K).

Just a moment ago, I connected, using IE7 on Windows Vista, to a handful of websites in quick succession.  Using a sniffer package, I see the following TCP source ports in use during this few second period:  7647, 7659, 7660, 7662, 7663, 7666, 7664, 7667, 7668, 7670, 7671, 7672, 7673, 7674 – and maybe another handful.  Call it about 20 TCP source ports.  So, for this one application, for 10 seconds, I used 20 of the available TCP source ports on my laptop.

When my computer makes these connections to the Internet, and I am at home behind my NAT firewall router, my laptop’s local TCP source port will be “mapped” to some source port on the outside of my NAT firewall.  Maybe the same port number, maybe a different port number.  Say that, in the example, my laptop address inside my house is 10.3.4.5, and my web browser opens a connection on TCP source port 7647.  This might be mapped to the TCP source port 42355, 6.7.8.9 on the outside of the NAT box – where 6.7.8.9 is the IPv4 address on my NAT firewall’s WAN-facing (Internet-facing) interface, and 42355 was an available port.

It is important to note that the NAT box is able to recycle TCP and UDP port numbers pretty quickly.  But it depends on the implementation just how quickly.  I would think that if a port was unused for a few minutes it would be returned to the “free” list in most cases.

The Way it Works Today

In the case where my house – one subscriber – has their own NAT box and one routable IPv4 address on the WAN-facing interface, all the internal machines have to share those available 64,512 (64K – 1024) TCP port numbers.  For me, that’s a few PCs and a TiVo machine.  I’m not quite sure how many TCP ports my TiVo box uses, but I’ll guess it is not more than, say, 20.

So, then, the high-water mark for my household might be around 100 ports in use at a time.  For today’s applications that is probably more than enough for the average household.  So, sounds like I have 64,512 ports available to me for outbound sessions, and I only need 100.  Lots of headroom.

How it Works if One IPv4 Address Shared Across Multiple Households

In this case, then those multiple households share the available TCP port numbers.  If we say a household needs 100 ports, then we could share 64,512 ports across about 645 households.

So Then This Will Work Fine No Issues – Right?

Well, looks pretty good.  We want it to work all the time though, and we want it to work for awhile – a few years.  A lot can happen in a few years.  One trend of late is applications that open lots of TCP connections – simultaneously using lots of TCP source ports.  My understanding is that Google Maps, for example, opens a lot of TCP sessions and downloads maps in sections – to shorten the amount of time it takes to render the map.  I just tried it, and I was able to fire off 64 TCP sessions in just a couple quick clicks.  Maybe TiVo uses this to improve download speeds – wonder how many ports that might add.  Now I’m less sure about my guess that TiVo probably doesn’t use more than 20 ports.

So, depending on how far this trend towards applications using multiple simultaneous flows goes, and how fast, perhaps we should plan on making 1000 ports available on the shared NAT box per household.  That would mean only 64 households sharing a single IPv4 address.
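The port arithmetic above as a small simulation, added here as an example and not taken from any provider's NAT implementation: one routable address is split into fixed per-household port blocks (an assumed allocation scheme), sessions are mapped to outside ports, and idle mappings return to the free list after an assumed 180-second timeout. The addresses 10.3.4.5 and 6.7.8.9 and the 64-session burst are the ones used in the walkthrough above.

```python
PORTS_PER_ADDRESS = 64512  # the post's figure: 64K minus the first 1024 ports
FIRST_PORT = 1024          # assumption: blocks start just above the low ports


def households_per_address(ports_per_household):
    """How many households fit on one shared IPv4 address."""
    return PORTS_PER_ADDRESS // ports_per_household


class SharedAddressNat:
    """One routable IPv4 address shared by households with fixed port blocks."""

    def __init__(self, outside_ip, ports_per_household, idle_timeout=180):
        self.outside_ip = outside_ip
        self.block_size = ports_per_household
        self.idle_timeout = idle_timeout  # seconds before a mapping is recycled
        self.blocks = {}  # household -> range of outside ports
        self.free = {}    # household -> list of unused outside ports
        self.table = {}   # (household, inside_ip, inside_port) -> [port, last_seen]

    def add_household(self, household):
        if len(self.blocks) >= households_per_address(self.block_size):
            raise RuntimeError("no port blocks left on this address")
        start = FIRST_PORT + len(self.blocks) * self.block_size
        block = range(start, start + self.block_size)
        self.blocks[household] = block
        self.free[household] = list(reversed(block))  # pop() gives lowest first
        return block

    def expire(self, now):
        """Return ports of idle mappings to their household's free list."""
        for key, (port, last_seen) in list(self.table.items()):
            if now - last_seen >= self.idle_timeout:
                del self.table[key]
                self.free[key[0]].append(port)

    def open_session(self, household, inside_ip, inside_port, now):
        """Map an inside source port; None means the household's block is full."""
        self.expire(now)
        key = (household, inside_ip, inside_port)
        if key in self.table:
            self.table[key][1] = now  # refresh an existing mapping
            return self.table[key][0]
        if not self.free[household]:
            return None
        port = self.free[household].pop()
        self.table[key] = [port, now]
        return port


def burst(nat, household, inside_ip, first_port, count, now):
    """Open `count` sessions at once; return (mapped, refused)."""
    mapped = refused = 0
    for offset in range(count):
        if nat.open_session(household, inside_ip, first_port + offset, now) is None:
            refused += 1
        else:
            mapped += 1
    return mapped, refused


if __name__ == "__main__":
    print("households at 100 ports each: ", households_per_address(100))
    print("households at 1000 ports each:", households_per_address(1000))
    nat = SharedAddressNat("6.7.8.9", ports_per_household=100)
    nat.add_household("house-a")
    print("first PC, 64 sessions: ", burst(nat, "house-a", "10.3.4.5", 7647, 64, now=0))
    print("second PC, 64 sessions:", burst(nat, "house-a", "10.3.4.6", 7647, 64, now=1))
```

With a 100-port budget, two machines each opening 64 sessions already overrun the household's block, which is the case for the 1000-port figure.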

Any Other Issues?

Yep.  At least two.  Topics for another post.  Just to set the stage, think about:

  1. What do we do about inbound sessions?  Suppose a household wants to run a webserver, on TCP port 80, and set up port forwarding to forward packets arriving on the routable address on the WAN side of the NAT box on port 80 to their internal HTTP server.  If multiple households share a single routable address, who gets to use that specific well-known port?
  2. What do we do about any application that uses port forwarding?  Bit Torrent, for example, wants to use certain inbound ports (TCP 6881 – 6999).  Who gets to use those?  And, for that matter, how do I set up port forwarding when the NAT is no longer in my closet, but it is a shared resource run by my service provider?

Good questions.  We’ll talk about them next time.

I’m a PC and I’m IPv6!

October 17th, 2008

David Green

Instead of the usual technical deep dive here, I have a human interest story for the IPv6 engineering community:

In case you thought that the new “I’m a PC” Guy for Microsoft looks familiar, he just might be Microsoft’s IPv6 expert Sean Siler!!!

See Sean’s  interview “I’m a PC” on youtube:

http://www.youtube.com/watch?v=rI6Z9jWR_ac 

Interesting to the IPv6 community reading this page is that it’s not just marketing hype, the PC with Vista is well optimized for running IPv6 and is accredited for US government use on the DoD JITC IPv6 approved products list.

I’m a Vista PC and I’m IPv6 Optimized - here’s why:

· Full support for the ‘IPv6 Base’ specifications

·  IPv6-on by default (This includes the IPv6 firewall!)

·  IPv6 “Windows Firewall” An enhanced host firewall and GUI setup to better secure host PCs

·  Full IPsec support to include NSA/NIST suite-B crypto with Advanced Encryption Standard (AES) and Internet Key Exchange (IKE) (Caveat: IKEv2 support is still in the works…)

·  Protected IPv6 communications with IPsec: Domains and applications running IPv6 traffic can be completely isolated and “armored” with IPsec and IPsec policies

·  Privacy Addresses RFC 3041 temporary IPv6 addresses use randomly derived interface IDs to ensure the privacy of users visiting external sites (There are IA forensics implications here!)

·  Teredo tunneling enhancements including symmetrical NAT traversal and a new service pack to enhance Teredo and Windows firewall operation (Better check that your Windows firewall settings allow no unsolicited inbound Teredo!)

·   GUI-based full configuration – Makes management easier!

·   MLDv2 RFC 3810 Multicast Listener Discovery version 2

·   LLMNR Link-Local Multicast Name Resolution (LLMNR) allows IPv6 hosts on a single subnet without a DNS server to resolve each other’s names. Vista also supports Apple’s widely deployed mDNS Zeroconfiguration with a plugin from Apple

·   IPv6 over PPP RFC 2472 Point-to-Point Protocol (PPP) (PPPv6) for dial-up, or PPP over Ethernet (PPPoE)-based connections that can be used for very high speed broadband Internet access

·    DHCPv6 RFCs 3315 and 3736 Dynamic Host Configuration Protocol for IPv6 (DHCPv6)  for stateful autoconfiguration (Caveat: The router autoconfiguration setting has to be set with the M&O flags for Vista to work correctly)

·    Optimized IPv6 DNS behavior: See: http://www.commandinformation.com/blog/?p=62

·    IPv6-only capable operation: With the settings right, you can operate Vista very well on an IPv6-only network as the applications are ready for IPv6 connections

·    Peer to Peer (P2P) networking: The Windows People Near Me and Meeting Space Peer-to-Peer Networking components enable direct P2P collaboration in a serverless environment

·    IPv4 backwards compatibility: A dual IPv4/IPv6 TCP/IP stack is the default configuration

In case you want to know more about our famous friend Sean, here’s his bio:

Sean is the Program Manager responsible for helping Microsoft’s customers understand and deploy IPv6. Previously he served as the IPv6 Technical Lead for Microsoft Federal. In both of these roles he has been able to actively assist commercial industries, the Department of Defense, and Federal, State and Local Civilian, and many other agencies to better understand and begin their migration to IPv6.
He began working with Microsoft in early 2005. He is a member of the IEEE, the Internet Society, and Mensa.

Service Providers Contemplating IPv4 Free Pool Rundown

October 11th, 2008

Service Providers (SPs) have figured out they have a new problem.  I think it is hard being an SP anyway – tight margins and intense competition.  Now it is becoming clear to the SPs that the supply of “fresh” routable IPv4 addresses is drawing down.  And that will make new addresses harder to get, or more expensive to get, and that has serious repercussions.  That hits SPs where they live – subscriber growth. 

SPs were not aggressive adopters of IPv6 – with some exceptions.  It seems, however, that SPs are now coming quickly around to their need to deal with this problem.

A few assertions:

  1. IPv4 addresses will become scarce in advance of all home users having production-quality IPv6 capability on their devices (read PCs and gateways)
  2. SPs are unlikely to accelerate their IPv6 deployments enough to provision production-quality IPv6 services to every subscriber in advance of IPv4 run-out (or, increasing scarcity)
  3. IPv6 is still the right solution to IPv4 address exhaustion, but the SP community (at large) needs a 2 or 3 year stop-gap measure to buy themselves time to implement, and ensure they can continue to add subscribers

There are a few ways SPs can get through this period, and many of them were discussed at a recent IETF “interim” meeting in Montreal Canada.  There are a number of possible solutions, and it is too soon to pick winners, but a few things to keep in mind are:

  1. Most of the solutions involve sharing routable IPv4 addresses between multiple subscribers.  Note this is a significant change from the current most common deployment, where each subscriber (or household) gets a single routable IPv4 address for the outside of their home gateway (router, firewall, router/wireless access point – whatever)
  2. This “sharing an address between multiple households” solution means that the provider will have to deploy a NAT device within their network – often called “Carrier Grade NAT” (CGN)
  3. If the subscriber continues to use their existing home gateway, then all their IPv4 traffic will be NAT’ed twice (“double NAT”) – once by the subscriber NAT and once by the provider NAT, which breaks some classes of applications
  4. If the subscriber replaces their home gateway (or the provider gives them a new one), then the traffic will not be NAT’ed twice, but it will still be NAT’ed at the provider gateway – which *also* breaks some classes of applications

As I said, there are a number of mechanisms to deal with this problem in the near term.  In the middle and longer term, IPv6 is the solution - all the SPs I talk to realize that and are (finally) making plans in earnest to get it done.  Some of the mechanisms under discussion advance IPv6 deployment within provider networks (in other words providers solve their immediate problem of IPv4 address space run-down and *also* – as a bonus – move their networks towards IPv6 capability).  Other mechanisms are simple stop-gaps – just keep IPv4 running (pretty well, for some classes of applications, for basic usage) just a little longer.

I’ll tell you more about those mechanisms in the weeks ahead.  I’ll be at NANOG, and I’m sure this will be a hot topic.

IPv6 Trends and Adoption Timelines

October 7th, 2008

David Green

You may have heard that IPv6 adoption is a business continuity issue that needs to be addressed within the next few years before it affects the core routers that run the Internet. What are the trends pressuring us into IPv6 adoption, making it a business continuity issue for continued Internet operations and growth? We have been tracking several trends; some, like IPv4 address depletion, are well known, while others may be less obvious. Here are several of the major trends:

An overlay of these trends shows that there will be an increasing gap beginning in approximately 2011 where there will be more “operational pain” as the current IPv4 Internet will have major scaling problems, causing operational issues until IPv6 catches up everywhere in approximately 2015.

For years, there have been many warnings from the top experts in the Internet community about the consequences of these trends:

  • “In order to sustain the impressive speed of Internet innovation and ensure a healthy Internet economy for the future, we recommend that content providers make their services available over IPv6,” - Axel Pawlik, Managing Director RIPE NCC. 
  • “.. With only 19% of IPv4 address space remaining, ARIN is now compelled to advise the Internet community that migration to IPv6 is necessary for any applications that require ongoing availability of contiguous IP number resources.” –ARIN Board 2007
  • “If deployment <of IPv6> is delayed, the future growth and global connectivity of the Internet will be negatively impacted.” –Internet Society (ISOC) FAQ on IPv4/v6
  • “.. in 2011, IPv6 must be in use by public-facing servers” –John Curran, ARIN Chairman, COO ServerVault  
  •  “.. the Internet has been evolving, and IPv6 is the next major revolution that has to happen soon. ” –Vint Cerf, Internet Pioneer

I discussed this issue with John Curran, ARIN Chairman and COO of ServerVault, at a meeting of US Defense and Intel Internet engineers, and asked him if, given the importance of Internet Technology and eCommerce to the United States, he thought this was a national economic policy issue. This is what he said:

“<IPv6 transition> is a national economic policy issue and will be a national security policy issue within two years” 

Given the timeliness of kicking off a full transition, what is a simple enterprise network upgrade plan, to truly “Operationalize IPv6”, that will stay just ahead of these trends in a cost effective way? Here’s Command Information’s suggested timeline:

2008-2009:

o   Change your procurement to require IPv6-capable applications, IT infrastructure, and IT service – and actually test for conformance! This step allows you to use regular tech refresh to really get IPv6-optimized IT components in place by 2012, and pushes your vendors to actually build them!

o   Train your IT staff on IPv6 security and network operations, and ensure your support contractors are experts in IPv6

o   Create your IPv6 transition plan – and be sure to address security compliance and IPv6 in strategic IT technology implementation

By 2010:

o   Get your external facing servers and application (web portals, e-mail, DNS, etc…) working on production-grade IPv6 connections - this is critical as these external systems must rely on Internet transport to service your external clients and partners

o   Get your IPv6 security/IA plan in place and activated. IPv6 may already be running in your enterprise and IPv6 tunneling bypasses most current firewalls and IA infrastructure

2010 - 2011

o   Pilot IPv6 ISP connections into your enterprise LAN – after your v6 security infrastructure is in place and tested!

o   Pilot native IPv6 connections to the desktop on your operational network

o   Pilot IPv6 user and desktop applications via new common desktop and server builds.

o   “Operationalize” IPv6 throughout your enterprise, slice by slice, to ensure that all applications, IT systems, and software within your enterprise are running IPv6 NLT Q4  2011
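The "By 2010" step above notes that IPv6 may already be running in the enterprise and that IPv6 tunneling bypasses most current firewalls. One way to check for it, as an added example that is not Command Information's tooling: scan IPv4 flow records for the carriers of tunneled IPv6, namely IP protocol 41 (6to4 and other IPv6-in-IPv4 tunnels), the 6to4 relay anycast address 192.88.99.1, and UDP port 3544 (Teredo). The flow records, the CSV layout and the internal network range are constructed for the example.

```python
import csv
import io
import ipaddress

PROTO_UDP = 17
PROTO_IPV6_IN_IPV4 = 41                  # IPv6 carried directly in IPv4
TEREDO_UDP_PORT = 3544                   # Teredo server port (RFC 4380)
SIXTOFOUR_RELAY_ANYCAST = "192.88.99.1"  # 6to4 relay anycast (RFC 3068)

# Assumption for the example: the enterprise's own hosts live in this range.
INTERNAL_NET = ipaddress.ip_network("192.0.2.0/24")

# Constructed IPv4 flow records; the column layout is hypothetical.
SAMPLE_FLOWS = """\
src,sport,dst,dport,proto
192.0.2.20,51515,198.51.100.7,443,6
192.0.2.21,0,192.88.99.1,0,41
192.0.2.22,0,203.0.113.50,0,41
192.0.2.23,49200,198.51.100.99,3544,17
198.51.100.99,3544,192.0.2.23,49200,17
192.0.2.24,53000,198.51.100.53,53,17
"""


def tunnel_kind(flow):
    """Name the IPv6 tunnel type an IPv4 flow carries, or None."""
    proto = int(flow["proto"])
    if proto == PROTO_IPV6_IN_IPV4:
        if SIXTOFOUR_RELAY_ANYCAST in (flow["src"], flow["dst"]):
            return "6to4 (anycast relay)"
        return "IPv6-in-IPv4 (protocol 41)"
    # Teredo clients reach their server on UDP 3544; traffic exchanged with
    # relays can use other ports, so this catches setup, not every packet.
    if proto == PROTO_UDP and TEREDO_UDP_PORT in (int(flow["sport"]),
                                                  int(flow["dport"])):
        return "Teredo"
    return None


def internal_endpoint(flow):
    """Return whichever end of the flow is one of our own hosts."""
    for field in ("src", "dst"):
        if ipaddress.ip_address(flow[field]) in INTERNAL_NET:
            return flow[field]
    return None


def hosts_tunneling(flow_csv):
    """Map each internal host to the set of tunnel types seen for it."""
    found = {}
    for flow in csv.DictReader(io.StringIO(flow_csv)):
        kind = tunnel_kind(flow)
        host = internal_endpoint(flow)
        if kind and host:
            found.setdefault(host, set()).add(kind)
    return found


if __name__ == "__main__":
    for host, kinds in sorted(hosts_tunneling(SAMPLE_FLOWS).items()):
        print(host, ", ".join(sorted(kinds)))
```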

In conclusion, there are Enterprises that have already executed this plan, and there are engineers who have operational experience with this transition. A good example of an Enterprise that has already met these timelines and operationalized IPv6 is our client Bechtel. You can download a case study on their enterprise transition here: Download the Bechtel Case Study PDF



Creative Commons License
Command Information Weblog by Command Information is licensed under a Creative Commons Attribution-Noncommercial-No Derivative Works 3.0 United States License.