I would be concerned in strongly spruiking advantages of IPv6 to
executives if an IPv6 dual stack solution is actually being deployed.
(ie. some given IPv6 SS advantages below do not apply to IPv6 DS)
1. Decreased application complexity:
Because we will be able to get rid of all that NAT
traversal code,
we get the following benefits:
I. Improved security
A. Fewer code paths to test
B. Lower complexity = less opportunity to
introduce flaws
II. Lower cost
A. Less developer man hours maintaining (or developing) NAT
traversal code
B. Less QA time spent testing NAT
traversal code
C. No longer need to keep the lab stocked with every NAT
implementation ever invented
D. Fewer calls to support for failures in product's NAT traversal
code
2. Increased transparency:
Because addressing is now end-to-end transparent, we
gain a
number of benefits:
I. Improved Security
A. Harder for attackers to hide in
anonymous address space.
B. Easier to track down spoofing
C. Simplified log correlation
D. Easier to identify source/target of
attacks
II. Simplified troubleshooting
A. No more need to include state table
dumps in troubleshooting
B. tcpdump inside and tcpdump outside
contain the same packets.
There are two well documented advantages to IPv6 dual stack:
- responding to customers requesting IPv6 dual stack connectivity
- excellent access to the IPv4 network
IPv6 is a *different* network to IPv4 even if both networks happen to be
carried on the same platforms (thank you Cisco, F5, Juniper etc -
without this, our execs would be seriously baulking at having to replace
fairly
modern hardware).
I have also noticed examples given of historic protocol changes. Not all of
these are relevant as some of them only involved "middle" OSI layers, so
do not apply very well to the IPv6->IPv6 transition.
Greets
Engineer Karl Pospisek (alias [email protected])
