> The reason I am proposing deployment cases is that while I > beleive that #1 is the ultimate end state I also believe the > same of PKI and cryptographic security systems. There is no > technology developed in computer science that provides a more > compelling intellectual case ...to computer scientists... > than Public Key Cryptography. > Yet after three decades our use of PKI barely scratches the > surface of what is possible. We need to ask why. Human psychology. > Recently I spoke to a senior > executve at a very large manufacturing company that is 100% > certain that their principal product line will be completely > obsolete within five years, most of you would say it is > obsolete today. Their idea of forward planning for the change > is not investing in any new equipment that is unlikely to see > a return before that time. How many senior executives in Internet operators are consciously not investing in any IPv4 products that will not provide a return before the global IPv4 space is exhausted. I believe that very few such executives have even made this fundamental decision. As a result, there is not yet enough pressure on vendors to get their products IPv6 ready before 2010. Where are the Internet gateways that seamlessly work with IPv4 or IPv6 on either side of the box? Where are the OSS systems? Where are the firewalls, load balancers, and other linchpins of the data center? Given the fact that network operators need a fair amount of lead time to test and certify new equipment (or software) before easing it into production in stages, I don't believe that we are as advanced as we need to be by this point in time. > Mere exhaustion of the IPv4 address space is not going to be > a sufficient incentive unless (1) it is certain to happen in > the next two quarters and (2) the impact is certain to be > negative on the specific stakeholder in question. Even this is problematic because the fund managers and investment analysts are not yet asking senior executives how they plan to mitigate IPv4 exhaustion. If senior executives don't consider the issue, then they won't take action even if it is certain to happen in the next two quarters. > If we are to turn the stakeholders around we have to offer > them a compelling proposition. Merely preventing the > exhaustion of the unallocated IPv4 pool is not a sufficient > incentive for a stakeholder executive sitting on a large pool > of unused addresses. It is not the exhaustion of the free pool that should be feared. It is the fact that your IPv4 network will lose the ability to grow (and therefore drive growth in revenue) when there are no free addresses. You will be forced to spend a lot of money on either implementing IPv6 in a last minute panic, or spend a lot of money on "strings and sealing wax" to make IPv4 services more or less feasible. The sooner that companies take action, the sooner they can navigate an optimal path through these waters. In some case, spending on things like double NAT for IPv4 may well provide a return on investment, but that has to be balanced against a scenario in which more investment dollars go towards making an IPv6 Internet service functionable earlier. Unless I've missed something recent, the IETF did not do a lot of work on the scenario where IPv4 islands need to communicate over an IPv6 Internet, talking to both IPv4 and IPv6 services. Yet this core-outwards scenario seems to be the primary transition scenario that we are driving towards. The first companies to be impacted by lack of IPv4 addresses are the core network operators, so they must transition to IPv6 before the end user islands. --Michael Dillon _______________________________________________ Ietf@xxxxxxxx https://www1.ietf.org/mailman/listinfo/ietf