There's a growing number of IPv6 experts that say one of IPV6's benefits - autoconfiguration - will be skipped over by network execs who will stick with DHCP instead. DHCPv6 is an updated version that will support IPv6 and one of its chief supporters is Cisco.
Cisco has been supporting DHCPv6 in IOS since 2003 and also supports it in Cisco Network Register (CNR), reports Network World's Carolyn Duffy Marsan. The company says the next version of CNR, expected out by early 2008, will feature parity between DHCPv4 and DHCPv6.
What's your take on autoconfiguration vs. DHCP?
More IPv6 issues discussed at Jeff Doyle's IP Routing blog.
Go to Cisco Subnet for more Cisco news, blogs, discussion forums, security alerts, book giveaways, and more.
Corporates will use DHCPv6
I believe enterprises will use DHCPv6 more than they'll use autoconf. The article doesn't really highlight the main disadvantages with autoconf, i.e. the fact that clients need many other parameters passing to them than just the IP address. Autoconf can't configure the DNS domain, DNS servers, legacy WINS servers, time servers etc. All this additional info is supplied by DHCP, so if enterprises have to deploy DHCPv6 to supply this information they just as well use DHCPv6 to configure the addresses too. This also then provides them with the audit, tracking and management capabilities that many enterprises require. So I think it's a bit of a non-issue, autoconf is fine for SoHo environments, but enterprises will want to utilise DHCPv6 (although having said that, we are seeing zero requirement for IPv6 within UK enterprises - there is simply no cost benefit).
DHCPv6 can be stateless
Paul, you're right that corporations probably will use DHCPv6, but not for getting configuration parameters. You can get configuration parameters with stateless DHCPv6, so you don't need stateful.
I really think the big advantage /stateful/ DHCPv6 is going to offer is simply an awareness of how many devices are active on the network. But it's early days yet - we won't really know for a few years, as your comment about the need for implementing IPv6 shows.
The thing to bear in mind with IPv4 and IPv6 is this. There is a problem that IPv6 solves that IPv4 doesn't: it gives you more addresses. This is an issue for corporations, and it's an issue for countries with large populations and small IPv4 allocations.
Corporations have solved this problem with Network Address Translation in IPv4, but it creates problems, particularly with mergers - if two corporations with Net 10 NATs merge, the NAT creates a barrier to gaining the synergy that you hope to get from a merger - you wind up having to manage the two IP infrastructures separately. IPv6's much easier renumbering makes this kind of merger much more practical, at least in theory - since we have so much less experience with IPv6, we don't yet know how well it works in practice.
IPv6 is getting a /lot/ of interest in Asia, because the address allocation problem is more severe there. We in the U.S and to some extent Europe can pretend that there's no problem, because we have larger allocations and smaller populations. But as Asia switches to IPv6, if we don't follow suit, it will affect our ability to interoperate with Asia.
More difficult interoperation creates a kind of de facto firewall between the east and the west. It makes it harder to do business, but more importantly it costs the west asian eyes. If they can't easily get to our web sites, they will be less likely to notice that we offer something they need, and we'll get less business from them.
So I think that even though there's no urgency for the U.S. and, as you suggest, Britain, in terms of address allocation, it's short-sighted not to be trying to begin the transition. I wouldn't argue that corporations should be switching their entire IP infrastructure to IPv6 right now, but if they aren't working to gain experience operating IPv6 networks, it's going to cost them a lot of pain later.
An easy way to stick a toe in the water is to just start offering IPv6 on your backbone, as the DoD has chosen to do. You don't force people to use IPv6 - you just make it available, and see who does what with it. I think the DoD has made a very good choice in going down this path, and I hope that corporations start to follow their lead.
Existing enterprises can't justify the cost or risk
What I have found interesting is the level of resistance to adopting IPv6 inside some large UK enterprises.
I was talking to a technical design architect (policy decision maker) for one of the UK's biggest banks recently and they have no plans to adopt IPv6 yet, even despite their continuing policy of acquiring smaller businesses and integrating their networks. However they are starting to expand more and more into Asia so it will be interesting to see what happens when they acquire a company that has fully deployed IPv6, i.e. whether they just fudge it or whether they start running IPv6 on the backbone like you suggest.
At the moment, the argument you (Ted) raise that the lack of IPv4 addresses for enterprises is an issue doesn't really hold water. People I speak to just can't see this as an argument for deploying IPv6 internally because they have plenty of RFC1918 space they can use. They are well used to using net-10, they understand the integration issues with other companies, they understand using NAT on their perimiter firewalls, and they just can't justify the expense (manpower, not capital) or risk to the business of rolling out IPv6.
From our point of view, it would be easy to start running IPv6 on the backbone, but that involves a fundamental change to the network topology. A risk averse enterprise like a bank will just not do it, the change is too big and there is too much risk that something somewhere will not play ball. They will always take the least riskiest way to solving a problem, even if that means fudging it. The problem for them is that even a few minutes down-time can cost them hundreds of thousands, if not millions in lost revenue. So trying to justify a network change that does not provide any tangible benefits (remember this has to be "sold" to directors that are so high up they don't even know what an IP address is) is an almost impossible task. I can pretty much predict they will just fudge it to get it working. Depressing I know, but that's the reality.
I'll be seeing them again tomorrow so may bring the subject up if there's time.
Paul Roberts
Professional Services Team Lead
n3k Informatik Ltd.
Not sure why you'd want to.
Between router advertisments, anycasting and the service location protocol, why would anyone want to pass the information as a fixed value? Most of that information can be discovered, which is important if you want to support Mobile IP and Network Mobility. After all, if none of the topology can be nailed down, then everything is dynamic and everything must be discovered. Nothing is constant and nothing can be relied upon to stay put.
I think that this article
I think that this article has absolutely no technical merit. IPv6 Autoconfiguration has absolutelly nothing to do with DHCPv6 by design. DHCP, including it's IPv6 incarnation has a very specific purpose: give-out more than just an IP/cidr/gateway|router to the computer.
In DHCP you can also specify what the boot server is in case of PXE booting (see remote over the network deployments). It can tell you where you can find an X Font Server (it used to make sense in DTP labs 15 years ago, when hard-drives had 200 MBytes, and an Unicode font had 20Mbytes), an SMTP server, what time-zone you're in, what the NTP (network time protocol) server is, what the proxy server is and many more.
Autoconfiguration is a great thing for home networks, simple office setups, as well as public networks because it requires almost no user intervention. That means that even grandma can configure her IPv6 wireless router at home, while on the other hand DHCPv6 requires an administrator that knows what he wants and what he offers.
And while Windows and Linux and Cisco know about DHCPv6, they also knew IPv6 autoconfiguration even before they had DHCPv6.
Is anyone adopting IPv6
The last batch of articles I read on IPV6 basically concluded that it was a "dead man walking" - that no one was adopting it, and the flogging of the dead horse would soon die down as even the die-hard advocates gave up.
Has something changed? Is there anyone (other than universities and gov't that are mandated to do so) that actually *wants* IPv6 - I mean other than vendor paid shills and marketing types...
Service providers adopting IPv6
It is possible to get IPv6 service to the home in Japan today, and NTT provides some services to customers that are available only over the IPv6 service.
Some large service providers in the U.S. are considering deployment of IPv6, initially for device management, because of the larger address space available in IPv6. The CableLabs DOCSIS 3.0 specification includes IPv6 for cable modem management, and several cable MSOs have plans for using this feature of IPv6 to reduce the pressure on the limited IPv4 address space in their networks.
No mention of 802.1X
I was disappointed to see no mention in this article of 802.1X. It says:
If network administrators really want to know that only authorized devices are connected to their network, then 802.1X security is what they need. Believing that DHCP gives you security or access control is wishful thinking, and it's disappointing to see that used as the main argument in support of DHCPv6.
802.1x is expensive.
This is the usual answer I get when I propose using it to secure access to the network. With DHCP, any cheap switch will do. You just have to set up a central server. All your state information naturally lives on that server. With 802.1x, you have to buy expensive managed switches (probably replacing existing switches that you will simply have to throw out), and then you need to set up an SNMP management infrastructure.
So yes, 802.1x is how you secure network access. That's why I said "finger on the pulse of the network," rather than "securing your network" when I talked about what I see as the big advantage of DHCP. You're absolutely right - DHCP is in no sense a security solution.
One More Reason to Adopt IPv6
Almost since IPv6's inception the intention has been that there would be two configuration methods; stateless autoconfiguration and DHCPv6.
In many situations stateless autoconfiguration is adequate. When additional configuration options are required or when an organisation prefers stateful configuration, DHCPv6 can be employed.
These mechanisms are complementary and are in no way in conflict. Having two configuration mechanisms is in no way a "reason not to adopt IPv6", just as having a manual or automatic car is not a reason to not use cars!
Sadly many of the supposed issues raised in the article are not issues at all, or are identical to the issues in IPv4.
Post new comment